TryHackMe’s ‘OhSINT’ Challenge

What is this users avatar of?

Figure 1 shows the critical information (or flags) that I found:

Social media account’s avatar

SSID (network name)

The city that the person lives in

Personal email address

Where he went for a holiday

The person’s password

Metadata information
After running exiftool, we could retrieve some information about the image. And from the output, I saw that the “Copyright” information has a value of “Owoodflint”.

OSINT (Open-Source Intelligence) refers to the collection of publicly available information that an individual knowingly or unknowingly left behind. Based on a fact sheet by Content Science, millennials (individuals born from 1981 to 1996) spent more time online — up to 18 hours per day, which is about 8 hours more than an average adult.

Today, there are also many more ways to share about one’s personal life such as showing our running routine, birthday celebrations photos and many more. The fact sheet also states that millennials are more likely to talk about products and brands over social media by sharing their reviews on the product or services. The digital footprint created as a result could potentially be seen or tracked by other people on social media.\

With this, the first flag was found — the user’s avatar was a cat.

What city is this person in?

Whats the SSID of the WAP he connected to?

What is his personal email address?

find his email address on?

GitHub

Where has he gone on holiday?

Finally, from the blog that also appeared in the Google search, I was able to find the remaining flags — his latest holiday location and password. His last post on his blog indicated that he was in New York.

What is this persons password?