Do TryHackMe OSINT


TryHackMe | OhSINT

Another box down on TryHackMe! Now admittedly, this is a much more beginner-oriented box, but it is a great introduction to OSINT (Open-Source Intelligence). There were some cool challenges, but some of it I found a little funky/cheesy (like the final question). But overall, it was a fun experience.

It starts off by giving us an image to download. So, unless the message is directly hidden in the
picture itself, the next step would be to take a look at the EXIF/XMP info that is stored on this
image. This can include info like the type of camera used to take the photo, the geo-location, the
name of the author, and much more!
So what you end up needing to do is either use your computer to view this data, or use some
type of tool that can display this EXIF/XMP data for us.
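
As an added example (not part of the original write-up), the Python below reads a JPEG's XMP packet and lists the fields that identify a person or place, a check worth running on your own images before publishing them. The function names, the `SENSITIVE` name list and the sample bytes are assumptions constructed for illustration; an EXIF block is only detected, not decoded.

```python
import struct
import xml.etree.ElementTree as ET

XMP_HEADER = b"http://ns.adobe.com/xap/1.0/\x00"  # prefix of an XMP APP1 payload
EXIF_HEADER = b"Exif\x00\x00"                      # prefix of an EXIF APP1 payload
SENSITIVE = ("rights", "copyright", "creator", "author", "gps")  # assumed name fragments

def jpeg_segments(data):
    """Yield (marker, payload) for each JPEG header segment before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        if data[pos + 1] in (0xD9, 0xDA):  # EOI or start of scan: metadata is over
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated segment at offset %d" % pos)
        yield data[pos + 1], data[pos + 4:pos + 2 + length]
        pos += 2 + length

def metadata_findings(data):
    """Return {name: value} for XMP element text (nested rdf:li included) and attributes
    whose name matches SENSITIVE; also note whether an EXIF block is present."""
    findings = {}
    for marker, payload in jpeg_segments(data):
        if marker == 0xE1 and payload.startswith(EXIF_HEADER):
            findings["exif_block"] = "%d bytes present" % len(payload)
        elif marker == 0xE1 and payload.startswith(XMP_HEADER):
            root = ET.fromstring(payload[len(XMP_HEADER):])
            for el in root.iter():
                items = [(el.tag, " ".join("".join(el.itertext()).split()))] + list(el.attrib.items())
                for name, value in items:
                    local = name.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix
                    if value and any(s in local.lower() for s in SENSITIVE):
                        findings[local] = value
    return findings

def build_sample_jpeg():
    """Constructed sample: JPEG markers plus one XMP segment, no pixel data."""
    payload = XMP_HEADER + (
        b'<x:xmpmeta xmlns:x="adobe:ns:meta/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
        b'<rdf:RDF><rdf:Description xmlns:dc="http://purl.org/dc/elements/1.1/"'
        b' xmlns:exif="http://ns.adobe.com/exif/1.0/" exif:GPSLatitude="0,0.0N">'
        b'<dc:rights><rdf:Alt><rdf:li xml:lang="x-default">Example Owner</rdf:li></rdf:Alt>'
        b'</dc:rights></rdf:Description></rdf:RDF></x:xmpmeta>')
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload + b"\xff\xd9"

print(metadata_findings(build_sample_jpeg()))
```

Any field this reports on a photo you are about to post is visible to everyone who downloads it, so strip or rewrite the metadata first.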

In the copyright for the photo, we can see the name “OWoodflint”. Since there isn’t much else
popping out right now, let’s just plug it into Google.
And the top three results are exactly what we are looking for! I just pulled them all up right away
to take a quick scan over them.

On his Twitter page we can see that the profile picture is of a cat, so that answers our first
question. The next question is to see what city they live in.

Scrolling through the Twitter page, there is a BSSID for a network there. Since he mentions that
his house is near this network and that he can access it, if we can find where this network is, we
can find his rough location.

Online there are lots of different ways and tools to do this, but I chose WiGLE to check and see if
it was recorded in their database. WiGLE is a war-driving program. When people are on the go,
they can turn on WiGLE, and it will scan all of the WiFi networks around them, and upload the
data that they grab to this service. By inputting his BSSID, I was able to track down the city that
he was located in, along with the info for the next question, which was regarding what the SSID
of the WAP he was connected to is.

Our next quest is to find his email address. We’ve bled his Twitter page pretty dry, so let’s take a
look at his GitHub page.

There you have it! Easy enough to find. This info answers the next question as well. Now we are
going to attempt to find out where he went on holiday. Since there is no other info on the
GitHub page, we are going to go to the last resource we have: his WordPress site.

Aaaaaaaand it says it right there on the front page, easy-peasy. The final question was a little
rougher, because so far in my exploration, I haven’t found this to be a useful thing to do when
doing OSINT challenges, but it is included in here. It is to find his password.
This is why I thought it was a bit cheesy. Most of the time, you probably will not run into
situations where the user has their password publicly posted, just slightly hidden/white text on a
white background. Taking a look at the HTML we see:

That it is just a new paragraph on the post, the text has no color, and is just sitting there.
Normally, we might be looking more towards password dumps/breaches to find old passwords
for people, but I guess this works too!

Overall, a great beginner box, and a great one to do when you only have a little bit of time and
still want some fun.
