@Gargron 1) Find Passwordlists in web (e.g. https://github.com/danielmiessler/SecLists)
2) hash those with bCrypt
3) compare them to the hashes in your db
4) ???
5) profit