If I understand it correctly, the course (Passive Information Gathering - Leaked Password Databases) mentions that on haveibeenpwned one can obtain the actual passwords that were leaked.

I have a pwned email address and when I enter it int haveibeenpwned, I still can’t seem to be able to get access to the plaintext password. So it seems to me that haveIbeenpwned is useful to find out if a password has been leaked, but where do I actually find the leaked passwords?

Without that piece of information, haveIbeenpwned doesn’t really help me much as an offensive tool.

Thanks in advance for your help.