Skip to main content

Starting the box

Link to the box: https://app.hackthebox.com/machines/eloquia

Port Scan

We start off the box by running a port scan on the provided IP.
Attacker Linux
rustscan --ulimit 5000 -a 10.129.10.149 -r 1-65535 -- -A -vvv -oN Eloquia
Output of Rustscan
Terminal Output
Open 10.129.10.149:80
Open 10.129.10.149:5985
Output of Nmap:
Terminal Output
PORT     STATE SERVICE REASON          VERSION                                                                                                               
80/tcp   open  http    syn-ack ttl 127 Microsoft IIS httpd 10.0
|_http-favicon: Unknown favicon MD5: 7487AC79D09DE6E54F3DF799C6B5B14A
|_http-title: Eloquia
|_http-server-header: Microsoft-IIS/10.0
| http-methods:                           
|_  Supported Methods: GET HEAD OPTIONS
5985/tcp open  http    syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) 
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2019|10 (97%)
OS CPE: cpe:/o:microsoft:windows_server_2019 cpe:/o:microsoft:windows_10
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
Aggressive OS guesses: Windows Server 2019 (97%), Microsoft Windows 10 1903 - 21H1 (91%)
A few key notes:

Edit the Hosts file

As always, we edit the /etc/hosts file to add the hostname:
Attacker Linux
sudo nano /etc/hosts
/etc/hosts
Nano Interface
10.129.10.149 eloquia.htb

Active Box

This box is currently still active on Hack the Box - Full writeup will be available when the box is retired. Feel free to reach out to me on LinkedIn or Discord for nudges & sanity checks.