Pacu can be used to compromise credentials, but its legitimate possible lies during the post-compromise period. on the other hand you can get credentials — by phishing, World-wide-web application vulnerabilities, https://tedeoan215841.empirewiki.com/user
