Introduction
What?
Attacking the login interfaces of applications or operating systems with password spraying, brute-force and dictionary attacks, and hash cracking, starting with only network access and a list of enumerated users.
Why?
Gain access to the systems and the data they protect.
Defenders look for attacks against authentication systems based on things like the source of the request, the number of attempts, and the accounts targeted. They may have implemented account lockout policies that temporarily or permanently suspend an account after a number of failed logins, or they may have enabled automated blocking for a source that makes too many attempts. In a pentesting context, the aim is to prevent unnecessary disruption and avoid detection. In a red teaming context, this approach is not the best route to take.
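
The signals named above (source, number of attempts, accounts targeted), as an added detection example that is not part of the original notes: it flags sources that fail against many distinct accounts and accounts that reach a lockout threshold. The window, thresholds, event format and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed observation window
SPRAY_ACCOUNTS = 4               # assumed: distinct accounts failed from one source
BRUTE_FAILURES = 5               # assumed: failures on one account (lockout threshold)

def _t(hhmm):
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample events: (time, source, account, success)
EVENTS = (
    # one source, one failure each against many accounts
    [(_t("09:0%d" % i), "203.0.113.7", "user%d" % i, False) for i in range(5)]
    # one source, repeated failures against a single account
    + [(_t("10:0%d" % i), "198.51.100.9", "admin", False) for i in range(6)]
    # ordinary user mistyping twice, then succeeding
    + [(_t("11:00"), "192.0.2.4", "alice", False),
       (_t("11:01"), "192.0.2.4", "alice", False),
       (_t("11:02"), "192.0.2.4", "alice", True)]
)

def _windows(rows):
    """Yield each sliding window of rows (sorted by time) spanning at most WINDOW."""
    rows = sorted(rows)
    start = 0
    for end in range(len(rows)):
        while rows[end][0] - rows[start][0] > WINDOW:
            start += 1
        yield rows[start:end + 1]

def detect(events):
    """Group failed logins by source and by account, then apply both thresholds."""
    by_source, by_account = defaultdict(list), defaultdict(list)
    for ts, src, acct, ok in events:
        if not ok:
            by_source[src].append((ts, acct))
            by_account[acct].append((ts, src))
    # Source signal: many distinct accounts failing from one source in one window.
    spray = {src for src, rows in by_source.items()
             if any(len({a for _, a in w}) >= SPRAY_ACCOUNTS for w in _windows(rows))}
    # Account signal: enough failures on one account to trigger a lockout policy.
    lockout = {acct for acct, rows in by_account.items()
               if any(len(w) >= BRUTE_FAILURES for w in _windows(rows))}
    return {"spray_sources": spray, "lockout_accounts": lockout}
```

In the sample data none of the sprayed accounts reaches the lockout threshold, so a per-account counter alone would not surface that source; the distinct-account count per source is what does.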