Not so easy. Developers already have been using salts with password hashing techniques which makes a brute force very time consuming. These techniques use rainbow tables which are only valid when hashes are created without creating random salts.
That's apart from the fact that most systems would have brute force protection in place with time limits; at least they already do in web apps.
P.S. they also list web apps like forum softwares (IPB, vBulletin etc.). However, they don't mention that they need the database to brute force the existing hashes. Obviously they can't have that database without finding other system exploits first.