Scholarfriends
https://scholarfriends.com
Downloaded by: | https://scholarfriends.com/singlePaper/620363/hack-the-box-eloquia-writeup
Distribution of this document is illegal.
, HTB Eloquia — Writeup
Hosts Configuration
Add the following entries to /etc/hosts:
10.10.11.99 eloquia.htb qooqle.htb
Initial Access — OAuth CSRF Admin Takeover
Vulnerability Overview
- Issue: OAuth 2.0 implementation missing state parameter
- Impact: CSRF allowing OAuth account linking
- Result: Admin account takeover without password
Attack Flow Summary
1. Attacker logs into their own Qooqle account
2. OAuth flow is initiated without state validation
3. A malicious OAuth callback URL is generated
4. Admin visits the crafted URL while logged into Eloquia
5. Attacker’s Qooqle account is linked to the admin Eloquia account
6. Attacker logs in as admin via OAuth SSO
Exploit Execution
Run the following exploit script to generate the malicious OAuth CSRF URL:
python3 oauth_csrf_admin_takeover.py
The script logs into the attacker’s Qooqle account, generates the OAuth callback, and outputs a
malicious CSRF URL to be delivered to an admin user.
Admin Credentials Obtained
Username: admin
Password: MyEl0qu!
@Admin
This study source was downloaded by 100000904123021 from CourseHero.com on 03-02-2026 01:47:51 GMT -06:00
https://www.coursehero.com/file/253802789/eloquia-writeupdocx/