Large Organizations have developed teams to test their security. The Red team plays the role of the attacker and the Blue team is the defender.
A list of red team methods for password enumeration here. Good explanations.
Knowing how an attacker exploits your environment lets you create a plan to defend that environment.