OhSINT — TryHackMe Walkthrough
So as the challenge begins, we’re given only this image.
So I tried the usual steganography tools such as `strings`, `binwalk`, `stegsolve`. That didn't pan out anything.
Then I looked at the hint provided. It said:
exiftool is your friend. Who is the author of the image? Do they have any social media accounts?
So after running exiftool WindowsXP.jpg
I got a ton of metadata, out of which the following seemed interesting/relevant.
File Name : WindowsXP.jpg
Copyright : OWoodflint
GPS Latitude Ref : North
GPS Longitude Ref : West
GPS Position : 54 deg 17' 41.27" N, 2 deg 15' 1.33" W
So from here we have a username : OWoodflint and some co-ordinates.
A quick google search of the OWoodflint gives you three profiles.
- Twitter:
Here we get the answer for:
What is this users avatar of?
Ans: cat
Another interesting thing was this tweet.
2. GitHub
The Google Search also showed a GitHub repository OWoodfl1nt/people_finder
As you can see, the Twitter handle is the same as before. So, we can be certain that it belongs to the same user.
Thus, we get the answer for the following question:
What city is this person in?
Ans: LondonWhat is his personal email address?
Ans: OWoodflint@gmail.comWhat site did you find his email address on?
Ans: GitHub
3. WordPress Site
Finally, we also find a WordPress Site
On inspecting the page, we find hidden text with colour white, this can be the password.
On reading the page, the following answers can be inferred:
Where has he gone on holiday?
Ans: New YorkWhat is this persons password?
Ans: pennYDr0pper.!
The only remaining question is
Whats the SSID of the WAP he connected to?
We already have the BSSID from the tweet and we also know that the user is located in London. So, if we search the BSSID on https://wigle.net/ and focus on the London region.
So, answer is UnileverWiFi
Follow on Medium and Twitter for more walkthroughs and updates!