TryHackMe: OhSINT Walkthrough

Shashank Solanki
Apr 4, 2023

This TryHackMe room focuses on open-source intelligence gathering, commonly referred to as OSINT. In this room, you will learn various techniques and tools used to collect and analyze information from publicly available sources such as social media, websites, and other online resources.

As a cybersecurity professional, it is essential to understand how OSINT can be leveraged to gain valuable insights into a target and identify potential vulnerabilities that can be exploited.

There is just one task in this room, but you must answer seven questions to complete it.

To begin working on this room, we need to acquire the Task Files by clicking on the blue button located at the top of Task 1 labeled “Download Task Files” as highlighted in the below screenshot.

This action will enable us to obtain an image file called “WindowsXP.jpg”, which is shown below.

Looking at the image itself, there is no obvious information to work with. Let’s try viewing the image properties by right-clicking on the WindowsXP.jpg file. As seen in the image below, however, this is not particularly useful either.

After searching on the web, I came across a tool called ExifTool, which is widely used by photographers, digital forensics professionals, and others who work with digital files and need to manage metadata. It can be run from the command line or used with a graphical user interface, and there are also many third-party applications that integrate with ExifTool. It was developed by Phil Harvey and can be downloaded from his website https://exiftool.org/.

I am going to use the Windows executable version of ExifTool. I created a separate folder on my Desktop, kept the downloaded ExifTool zip file there, and extracted its contents at the same location. I also kept the WindowsXP.jpg file in the same folder. To use ExifTool we need to rename the application file to exiftool.exe, as shown in the below screenshot.

Now, I am going to use the Windows command prompt to run ExifTool. In the same folder, hold the Shift key and right-click; you will see an “Open in Terminal” option in the menu, as shown in the below screenshot.

Click on “Open in Terminal”, and the command prompt opens at the path of the folder you are in, as shown in the below screenshot.

Now I will run ExifTool to see if I can find anything interesting about the WindowsXP.jpg image, using the below command.

exiftool.exe WindowsXP.jpg

As a result of this action, some intriguing details have come to light, including information on the image copyright and GPS coordinates, which can be seen in the above screenshot.
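To show where fields like these sit inside the file, and how to check your own images for them before publishing, here is an added example that is not part of the original walkthrough. It walks the JPEG APP1 "Exif" segment and reads the Copyright tag and the GPS IFD pointer; the sample bytes and the owner string are constructed for the illustration.

```python
import struct

COPYRIGHT, GPS_IFD = 0x8298, 0x8825  # standard EXIF/TIFF tag numbers

def parse_tiff(tiff: bytes) -> dict:
    """Walk IFD0; return ASCII tags plus the GPS IFD offset, if present."""
    endian = {b"II": "<", b"MM": ">"}[tiff[:2]]        # byte-order mark
    magic, ifd0 = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 42:
        raise ValueError("bad TIFF header")
    (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
    found = {}
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i: ifd0 + 14 + 12 * i]
        tag, typ, n = struct.unpack(endian + "HHI", entry[:8])
        (off,) = struct.unpack(endian + "I", entry[8:12])
        if typ == 2:                                    # ASCII string
            # Values of up to 4 bytes sit inline; longer ones live at `off`.
            raw = entry[8:8 + n] if n <= 4 else tiff[off:off + n]
            found[tag] = raw.rstrip(b"\x00").decode("ascii", "replace")
        elif tag == GPS_IFD:                            # pointer to GPS sub-IFD
            found[tag] = off
    return found

def read_exif_tags(jpeg: bytes) -> dict:
    """Find the APP1 'Exif' segment in a JPEG and parse its TIFF block."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[pos:pos + 4])
        segment = jpeg[pos + 4: pos + 2 + length]
        if marker == 0xFFE1 and segment[:6] == b"Exif\x00\x00":
            return parse_tiff(segment[6:])
        if marker == 0xFFDA:                            # image data starts; stop
            break
        pos += 2 + length
    return {}                                           # no metadata segment

def build_sample() -> bytes:
    """Constructed JPEG skeleton: one Copyright tag and an empty GPS IFD."""
    owner = b"ExampleOwner\x00"                         # constructed value
    tiff = b"MM" + struct.pack(">HIH", 42, 8, 2)        # header + entry count
    tiff += struct.pack(">HHII", COPYRIGHT, 2, len(owner), 38)
    tiff += struct.pack(">HHII", GPS_IFD, 4, 1, 38 + len(owner))
    tiff += struct.pack(">I", 0) + owner + struct.pack(">HI", 0, 0)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

if __name__ == "__main__":
    print(read_exif_tags(build_sample()))
```

An empty result means the file carries no Exif segment, which is what an image should look like after its metadata has been stripped for publication.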

A brief Google search for the term ‘OWoodflint’ returns three pages: one on Twitter, one on GitHub, and one on WordPress, as shown in the below screenshot. For the first question, regarding the user’s avatar, the hint mentions that there could be a social media account, so the Twitter profile is the most likely place to check.

Q.1 What is this user’s avatar of?

Ans: The user’s avatar is a cat.

Q.2 What city is this person in?

Ans: The hint given in the question tells you that, to find the city where the person is, you need to use the BSSID and Wigle.net.

If you open the Twitter link from the previous search you will see the BSSID value “Bssid: B4:5D:50:AA:86:41” in the tweets as shown in the below screenshot.

Once you have the BSSID, go to Wigle.net and do an advanced search using the BSSID, as shown in the below screenshot.

In the Network Characteristics section enter the BSSID value and click on Query. After querying you will get a result for that BSSID as shown in the below screenshot.

Now, click on the map link from the results and you will get the location for that BSSID as shown in the below screenshot.

So, the person whom we are looking for is based in London as per the BSSID he mentioned in the tweet from his Twitter account.

Q.3 What’s the SSID of the WAP he connected to?

Ans: The SSID is UnileverWiFi. You can get the SSID from the search that we did for the BSSID in the previous question.

Q.4 What is his personal email address?

Ans: His personal email address is OWoodflint@gmail.com. This is available on his GitHub page github.com/OWoodfl1nt/people_finder, as shown in the below screenshot.

Q.5 What site did you find his email address on?

Ans: Github

Q.6 Where has he gone on holiday?

Ans: He has gone to New York for his holiday, as he mentioned on his WordPress blog oliverwoodflint.wordpress.com/author/owoodflint/, as shown in the below screenshot.

Q.7 What is this person’s password?

Ans: I had to ponder over the final query and contemplate how to obtain the password and its purpose. Since Twitter and the GitHub page had nothing worthwhile, I assumed that the WordPress Blog was the only remaining option. Our only option was to examine the page source of the WordPress website. Upon doing so, we discovered a strange string that resembled a password.

Since the password was written in white font color, it was not visible on the page. However, pressing Ctrl+A to select all and highlight the entire text on the page makes the password visible.
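The same check can be automated when reviewing your own pages for text that is present in the source but invisible to readers. The following is an added example, not part of the original walkthrough: it flags text inside elements whose inline style sets a white font color. It assumes a white page background and looks at inline styles only, and the sample page and its hidden string are constructed.

```python
import re
from html.parser import HTMLParser

# Matches the `color` property only (not background-color) set to white.
WHITE = re.compile(
    r"(?<![-\w])color\s*:\s*"
    r"(#fff(?:fff)?\b|white\b|rgb\(\s*255\s*,\s*255\s*,\s*255\s*\))", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link"}   # tags with no end tag

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []   # one flag per open element: styled white or not
        self.hits = []    # text found inside any white-styled element

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            style = dict(attrs).get("style") or ""
            self.stack.append(bool(WHITE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        # White text is inherited, so any white-styled ancestor counts.
        if any(self.stack) and data.strip():
            self.hits.append(data.strip())

def find_white_text(html: str) -> list:
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample page; the hidden string is a placeholder.
SAMPLE_PAGE = """<html><body>
<p>Holiday notes<br>from the trip</p>
<p style="color:#ffffff;">example-hidden-string</p>
<p style="background-color: white; color: #222">normal text</p>
</body></html>"""

if __name__ == "__main__":
    print(find_white_text(SAMPLE_PAGE))
```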
