If he had access to the shadow file, he could just hash the passwords and create a lookup table to run on the shadow files.