TryHackMe OhSINT Writeup
What is OSINT?
OSINT (Open Source Intelligence) involves collecting and analyzing publicly available information from sources like publications, media, websites, social media, and government reports to support decision-making in fields like national security and business intelligence.
OhSINT TryHackMe Room: https://tryhackme.com/r/room/ohsint
This room is all about gathering information about a user starting from a single image. It is a simple, straightforward room.
We are given this image:
Windows XP memories, sigh.
Question 1: What is the user's avatar of?
To solve this, we need to extract information from the image we were provided.
Images have metadata (text information related to the image) embedded in them. We'll use this metadata to find the info we need. To extract the EXIF/metadata from the image we will use exiftool. You can install exiftool by running:
sudo apt install exiftool
The installation command depends on your system. If you're on Arch Linux, run this instead:
sudo pacman -S perl-image-exiftool
Alternative Tools or Services you can use:
After you have successfully installed exiftool, run this command to get the required information about the image:
exiftool image.jpg
Note: I assume you have saved the file with the name "image.jpg".
This is the output:
➜ Downloads exiftool image.jpg
ExifTool Version Number : 12.76
File Name : image.jpg
Directory : .
File Size : 234 kB
File Modification Date/Time : 2024:07:04 09:53:31+05:30
File Access Date/Time : 2024:07:04 09:53:32+05:30
File Inode Change Date/Time : 2024:07:04 09:53:31+05:30
File Permissions : -rw-r--r--
File Type : JPEG
File Type Extension : jpg
MIME Type : image/jpeg
XMP Toolkit : Image::ExifTool 11.27
GPS Latitude : 54 deg 17' 41.27" N
GPS Longitude : 2 deg 15' 1.33" W
Copyright : OWoodflint
Image Width : 1920
Image Height : 1080
Encoding Process : Baseline DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2)
Image Size : 1920x1080
Megapixels : 2.1
GPS Latitude Ref : North
GPS Longitude Ref : West
GPS Position : 54 deg 17' 41.27" N, 2 deg 15' 1.33" W
By observing the Copyright field, we can see the image belongs to OWoodflint.
We'll now use Google to find some info about this person:
We have found links to their X/Twitter, GitHub and blog.
It seems like they are using an avatar of a cat on Twitter.
We have the answer to our first question, cat.
Answer 1: Cat
Question 2: What city is this person in?
We can see a tweet by the person where they are sharing their WiFi BSSID.
We'll use a site called https://wigle.net to gather info about the WiFi network.
You'll need to sign up for an account on the website.
Then navigate to View > Search > Advanced Search (https://wigle.net/search)
Now copy the BSSID you have from the tweet and paste it in the BSSID/MAC field of the search tool and hit the query button.
We have a matching result. Now click on "map".
We can see the network is located in London:
We have our second answer, London.
Answer 2: London
Question 3: What is the SSID of the WAP he connected to?
We found the SSID of the WAP in our WiGLE search results.
Answer 3: UnileverWiFi
Question 4: What is his personal email address?
The README of a repository on the user's GitHub profile has his email address:
Answer 4: [email protected]
Question 5: What site did you find his email address on?
We found the user's email on GitHub.
Answer 5: GitHub
Question 6: Where has he gone on holiday?
We can check the user's WordPress blog and find that the user went to New York on holiday.
Question 7: What is the person's password?
If we observe the site's source code closely we will be able to find this:
Answer 7: pennYDr0pper
That's it, the room is complete now.