The articles you have read are correct.
However, if for example, a user uses a dictionary word, and you aren't salting your hashes, then those circumstances are open to dictionary attacks. Which is why no-one worth their salt, pun intended would use a hash algorithm without a salt.
Frankly I find it unlikely a systems administrator would need to get a password, as generally they have impersonation rights.
