@paddanada said:
I’m tearing my hair out with this easy to guess/lazy password. I’ve enumerated the list of user names but despite looping them through what feels like every obvious password I can think of, I’ve had no joy. Based on output from early enumeration, I been poking at S**. Is that where I’ve gone wrong?
You approach is correct. Take all the information you have right now - domains, obvious passwords, guesses, accounts, etc., and use that as the password list to try.
When you get it, you will realise you currently have the password.