This chapter covers

• Maintaining persistent Meterpreter access
• Harvesting domain-cached credentials
• Extracting clear-text credentials from memory
• Searching the filesystem for credentials in configuration files
• Using Pass-the-Hash to move laterally

Now that our movie heist crew has successfully broken into or penetrated several areas of their target facility, it’s time for them to move on to the next phase of their engagement. Smash into the vault room, grab the jewels, and run? No, not quite yet. That would cause a lot of commotion, and they would probably get caught. Their plan instead is to blend in with the workers at the facility and slowly remove incrementally larger amounts of loot without arousing suspicions ...