If I understand it correctly, the course (Passive Information Gathering - Leaked Password Databases) mentions that on haveibeenpwned one can obtain the actual passwords that were leaked.
I have a pwned email address and when I enter it int haveibeenpwned, I still can’t seem to be able to get access to the plaintext password. So it seems to me that haveIbeenpwned is useful to find out if a password has been leaked, but where do I actually find the leaked passwords?
Without that piece of information, haveIbeenpwned doesn’t really help me much as an offensive tool.
Thanks in advance for your help.