OhSINT — TryHackMe

Writeup for TryHackMe’s OhSINT challenge

source: https://tryhackme.com/room/ohsint

Challenge link: https://tryhackme.com/room/ohsint

We are given an image file on which we have to perform OSINT(Open Source INTelligence).

source: https://tryhackme.com/room/ohsint

For performing OSINT on image file, i always use exiftool which helps in exfiltrating any hidden information/meta-data within the image.

exiftool WindowsXP.jpg

Here, an interesting information is Copyright : OWoodflint which looks like the owner/creater. Let’s search this on google.

Looks like this is exactly the same person. Let’s check out the twitter account.

Cool, a post with a BSSID. One great website for finding details about this Bssid or any wireless network is https://wigle.net/

Just enter the BSSID in the BSSID input field and hit the filter.

From here, we can get the city name as well as the SSID for the given BSSID.

From google, we also got some different results so let’s check them out.

From here, we can easily find out the email address of the owner. Also we found a wordpress blog from google so let’s check that out.

Front page doesn’t seem to reveal much other than the holiday location. Digging deeper in the source code by viewing source.

Looks like a secrect string (password). Probably a really bad idea to store some private information in HTML source code.

And there you go :)

Conclusion :-

Overall, this challenge was easy and really helpful for beginners to get their hands on the flavour of OSINT.

Resources :-

One great resource that i know and which i highly recommend for every OSINT enthusiast is OSINT-framework . Do check it out :)