GS-009: ARASAKA — Tradecraft Drills in the Dark (HackSmarter) | 2025-12-15

Описание: Everyday Hacks to Elite Attacks — Cyber Warfare. Ghost Ops. Red Team Tactics. HaxrByte.

You ever grind Hack The Box for 4 hours…
…only to realize you missed a basic enumeration step?
Yeah. Same. 😅

After 20 years in Red Teaming, I still hit that wall — and that’s exactly what tonight’s stream is about.

We’re going hands-on, raw and unfiltered:
💀 Solving Hack The Box machines live
⚔️ Explaining Red Team logic behind every move
🧩 Sharing how to think, not just type

If you’ve ever felt stuck or not good enough at CTFs — pull up a chair.
This isn’t a tutorial. It’s therapy for hackers.

--------------------------------------------

Here's a breakdown of the video into chapters:

00:00:05 Introduction and Stream Goals
00:06:36 Discord Competition Announcement
00:10:20 Hacksmarter Platform and Arisaka Box
00:11:06 Initial Setup and Reconnaissance
00:17:17 Port Scanning and Nmap Issues
00:24:21 Initial Enumeration with NetExec
00:29:10 User Enumeration and BloodHound Introduction
00:34:55 BloodHound Setup and Data Ingestion
00:44:30 Analyzing BloodHound Data and Kerberoasting
00:53:50 Kerberoasting Attack and Password Cracking
01:04:36 Verifying Compromised Credentials
01:05:40 Next Steps and Potential Exploits

--------------------------------------------

Here's a summary of the key points:

Introduction and Stream Goals (0:05-1:11): HaxrByte introduces himself and explains that the stream will focus on solving Hack The Box machines live, explaining Red Team logic, and sharing how to think like a hacker. He also mentions that this will be his second to last stream for the year.

Discord Competition Announcement (6:36-7:21, 49:00-50:40): HaxrByte announces a Discord competition where participants can win a year's access to the Hacksmarter hands-on labs, valued at almost $100. The competition ends on Thursday, December 18th, and the winner will be announced live on stream.

Hacksmarter Platform and Arisaka Box (10:20-11:06): The speaker introduces Hacksmarter, a platform similar to Hack The Box and TryHackMe, created by Tyler Ramsby. He plans to work on the "Arisaka Active Directory Pen Test," which is an easy box but offers learning opportunities.

Initial Setup and Reconnaissance (11:06-16:00): HaxrByte begins the CTF by taking notes in Notion, setting up the environment, and connecting to the machine via VPN. He adds the target IP and hostname to his /etc/hosts file for proper DNS resolution.

Port Scanning and Nmap Issues (17:17-23:10): He attempts a port scan using Ruscan and Nmap, but encounters issues with ping probes being blocked, requiring the use of Nmap -Pn to bypass this. He notes that in a real red team scenario, a port scan might not even be necessary in an assumed breach.

Initial Enumeration with NetExec (24:21-29:10): HaxrByte uses NetExec (NXC) to enumerate the Windows server, identifying it as Windows Server 2022, domain controller DC01, and the domain hacksmarter.local. He also uses the provided credentials (Faraday:Hacksmarter123) to test connectivity and enumerate shares and users.

User Enumeration and BloodHound Introduction (29:10-34:55): He continues to enumerate users, finding a longer list using red brute. HaxrByte then introduces BloodHound, a tool for Active Directory enumeration and visualization, which is typically used in assumed breach scenarios.

BloodHound Setup and Data Ingestion (34:55-44:30): He faces some initial challenges starting Docker for BloodHound but eventually gets it running. He then ingests the data collected by RustHound into BloodHound for analysis.

Analyzing BloodHound Data and Kerberoasting (44:30-53:50): HaxrByte analyzes the BloodHound graph, identifying "The Emperor" as a domain administrator. He then focuses on finding "coercible users," which are vulnerable to Kerberoasting, and identifies "alt svc" as a target.

Kerberoasting Attack and Password Cracking (53:50-1:04:36): He successfully performs a Kerberoasting attack using netexec ldap to obtain the hash for the alt svc user. He then uses Hashcat with the RockYou wordlist to crack the hash, revealing the password "baby girl one."

Verifying Compromised Credentials (1:04:36-1:05:40): HaxrByte verifies that the newly cracked credentials for alt svc are valid using netexec ldap.

Next Steps and Potential Exploits (1:05:40-1:07:25): He notes that alt svc has "GenericAll" access over another user, "Yorino," which effectively means full control. He discusses the possibility of changing Yorino's password or using shadow credentials with tools like pywhisker.

#haxrbyte #RedTeam #EthicalHacking #PenetrationTesting #CyberWarfare #HaxrByte #GhostShell