Post

Eloquia

HackTheBox Eloquia machine writeup — reconnaissance and enumeration walkthrough.

Posted
By Andrés
1 min read
Eloquia

🎬 Act I: Discovery

The Landscape

When I first scanned Eloquia, I expected the usual sprawl of services. Instead, I found a minimalist setup—a sign of either excellent hardening or a very specific attack surface.

1
2
3
4
5
6

# The scan that started it all
nmap -sC -sV -p- --min-rate=5000 10.10.11.99

# Results:
# 80/tcp   open  http    Microsoft IIS 10.0
# 5985/tcp open  winrm   Microsoft HTTPAPI 2.0

What This Tells Us:

  • 🔹 Windows Server 2016/2019 (IIS 10.0)
  • 🔹 WinRM enabled = potential credential attacks
  • 🔹 Limited surface = need to dig deep into web apps

Virtual Host Discovery

1
2

# Add to /etc/hosts
echo "10.10.11.99 eloquia.htb qooqle.htb" | sudo tee -a /etc/hosts

Two Applications, Two Purposes:

ApplicationPurposeTech Stack
eloquia.htbBlog CMSDjango + SQLite
qooqle.htbOAuth ProviderDjango + OAuth2
🔒

Premium Content

The full exploitation walkthrough, privilege escalation, and flags are available exclusively for members.

Unlock Full Writeup →
HackTheBox, Writeup
htb hackthebox writeup pentest eloquia
This post is licensed under CC BY 4.0 by the author.