OhSINT

TryHackMe | OhSINTTryHackMe

• I had to look at the first hint because I had no idea where to start. I spend way too much time looking at this image hoping to glean some information. Surprise, I didn't.

• The first thing you should do with this image is viewed the metadata associated with it. To do this, you want to use a tool called exiftool which is pretty neat and can pull a bunch of metadata from a file.

What is the user's avatar of?

• To start I ran the image through Exiftool.

• 
• Let's first start with the "Copyright" information which is OWoodFlint

  • Start by googling OWoodFlint

  • 
• Let's start with the first link, their twitter account:

  • 
  • Looks like their Instagram avatar is of a "Cat"

What city is this person in?

• From the metadata, we have GPS coordinates. I copied those and googled them:

  • You can convert these coordinates to degree decimals.

    • 54.294797°N, 2.250369°W

  • Plugging these into google maps shows it in the UK which is actually where the image was taken if you go to street view. However, this is not where the target is.

• I decided to visit one of the other pages found through Google. I checked out the GitHub next.

  • 
  • Looks like they are in London.

What is the SSID of WAP he is connected to?

• I had to use the previous hint to see what I could do with the BSSID. Looks like I should use a site called wigle.net that can look up information on a given BSSID.
• I had to create an account but then I was able to use their advance search to look up the BSSID, B4:5D:50:AA:86:41, that was given above in their twitter post above.

  • 
• This gave me the SSID: UnileverWiFi

• It also shows the location again to be in London

What is his personal email address?

• On their GitHub page from above you can see their email address is: OWoodflint@gmail.com

What site did you find his email address on?

• As mentioned above, I found it on GitHub.

Where has he gone on holiday?

• On their WordPress website, I found that they are currently in New York

  • 

What is this person's password?

• I started by browsing the pages that were available, Twitter, Github, and WordPress.

  • I didn't find anything pertinent that stuck out as a password.

• I decided to google the name again to see if I could uncover another page I wasn't aware of but this turned up empty.

• I went back to the original three pages and continued to browse through them.

• I decided to then look at the source code for the WordPress site.

  • I scrolled through the source code, not with a fine tooth comb, but didn't come up with anything.

  • I usually search source pages with "<!--" as this will normally turn up comments in the HTML. Searching through these, unfortunately, didn't turn up anything.

• I spent the next 30min or so pursuing all of the information again but nothing of note was turning up.

• Unfortunately, I gave up and decided to look up another write-up to see where the password is, and am now kicking myself. It was in the source code for the WordPress site.

  • It looks like right under the one and only post is a text field with the password set in white so it is camouflaged on the page. A little upset with myself that I missed this but a good lesson learned and will keep this in mind in the future. Though I doubt it will be this easy next time.

  • The password is pennYDr0pper.!

  • 
  •