OhSINT

Hello guys were back again, this time with Ohsint from TryHackMe: https://tryhackme.com/room/ohsint. This room is all about open-source intelligence. Given only a image.jpg we must use our open-source knowledge and tool-kit to find all the answers. This room will show you how easy and with very little information you can gain information about a target.

The first thing we need to use exiftool (command-line application for reading, writing and editing meta information in a wide variety of files.) Looking at the copyright section we see a name.

1. What is this users avatar of?

Answer: Cat

Running a google search on the authors name returns a twitter page, GitHub, and blog post.

Starting with Twitter:

We find a post with the users BSSID. We will be able to use this to find the users location.

2. What city is this person in?

Answer: London

3. Whats the SSID of the WAP he connected to?

Answer: unileverwifi

Search for wigle.net and after making an account. Search for the location of BSSID of the user. We not only see the user’s BSSID is in London but also we see the SSID for his WAP.

4. What is his personal email address?

Answer: OWoodflint@gmail.com

5. What site did you find his email address on?

Answer: GitHub

Moving on to GitHub. A search of the GitHub reveals an email account for the user.

Where has he gone on holiday?

Answer: New York

Now lets look at the blog. We can see that the user is away in New York.

What is this persons password?

Answer: pennYDr0pper.!

Lets check out the source code.

We see that a possible password was left in the source code. Sloppy!!