HTB Connected Writeup
Table of Contents
Overview#
Connected is an easy difficulty Linux box on HackTheBox.
This box is still active, so the full write-up below under embargo until it retires.
Reconnaissance#
Port Scan#
Kicking off with a fast scan to see what’s open:
┌──(kali㉿kali)-[~/htb]
└─$ sudo nmap 10.129.169.187 --min-rate 5000
Starting Nmap 7.98 ( https://nmap.org ) at 2026-06-08 05:29 -0400
Nmap scan report for connected.htb (10.129.169.187)
Host is up (0.17s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Then a proper service and version scan against those three ports:
┌──(kali㉿kali)-[~/htb]
└─$ sudo nmap 10.129.169.187 -sC -sV -p 22,80,443
Starting Nmap 7.98 ( https://nmap.org ) at 2026-06-08 05:31 -0400
Nmap scan report for connected.htb (10.129.169.187)
Host is up (0.18s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey:
| 2048 4e:60:38:6f:e7:78:6c:ca:58:62:a1:f1:56:ae:8d:30 (RSA)
| 256 12:41:55:26:9d:ad:3d:e8:bf:4e:31:aa:d7:d1:a5:d2 (ECDSA)
|_ 256 8e:b6:96:e0:21:83:5d:1d:ce:8d:e2:6a:dd:38:c6:75 (ED25519)
80/tcp open http Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips PHP/7.4.16)
|_http-title: Did not follow redirect to http://connected.htb/
443/tcp open ssl/http Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips PHP/7.4.16)
| ssl-cert: Subject: commonName=pbxconnect/organizationName=SomeOrganization
|_Not valid after: 2026-11-30T14:07:27
The SSL cert gives away the common name pbxconnect, and the host to add to /etc/hosts:
sudo sh -c 'echo "10.129.169.187 connected.htb" >> /etc/hosts'
The rest of this write-up is under embargo until this box is retired on HackTheBox. Check back soon for the full path to root.