[1.2: TryHackMe OhSINT Writeup]

finx
4 min read · Jun 5, 2021


This is the header for the room. Note: You get a really sweet badge after you finish this room (shown later).

Here is the link to the challenge if you want to try ’em out:

This room has only 1 task (literally), so let us jump straight into the writeup/walkthrough of the task.

Task 1: OhSINT

First, you need to download the image given.

This is the image. To the naked eye, it is basically the Windows XP background picture.

Let us go through the questions:

Q1: What is this users avatar of?

This is the hint given for this question.

What is exiftool?

exiftool is a tool that lets you read the metadata of a file.

You need to use Linux to download this tool. However, I will present an alternative if you don’t have a Linux environment due to hardware limitations.

On a Linux Environment

Any Linux distribution (Kali, Parrot, Ubuntu, Arch, etc.) can be used here, but I will be using Kali.

The flow:

  1. Download the tool using sudo apt install exiftool
  2. If you downloaded the image on Windows, upload it to the cloud storage of your choice (Google Drive, Mega, etc.)
  3. Download the image on the VM; it usually lands in the Download folder.
  4. Navigate to the download folder (if you installed the tool from the home directory, simply type cd Download to do this)
  5. Run the tool on the picture that you’ve downloaded from the cloud storage (use exiftool <filename>)

As you can see here, the picture belongs to OWoodflint.

Let’s see if we can get the same output using the alternative.

The Alternative

We can use this tool: Jeffrey’s Image Metadata Viewer

This is the interface of the tool. If you want to see image metadata in your browser, this is the tool that can help you with that.

The flow:

  1. Upload the image file
  2. Tick the Captcha box
  3. Press the “View Image Data” button

This is the output for the picture we downloaded before. As you can see, this picture belongs to OWoodflint (which is the same output as the one on Linux).

What do we get if we Google OWoodflint?

There are 3 accounts linked to the name: one on Twitter, one on GitHub and one blog.

Here are the links to all the accounts:

The Twitter profile

The GitHub profile

The blog

Our best bet for seeing the avatar image among these three accounts is Twitter.

Let us open that:

This is the Twitter profile of OWoodflint. The profile picture is a cat.

A1: Cat

Q2: What city is this person in?

This is the hint for this question.

OK, we need to find the BSSID and use Wigle.net to search for it.

BSSID is basically your router’s ID: the MAC address of its wireless access point.

Wigle.net is a search engine for network-related items such as wireless networks.

For the BSSID, we just need to scroll down the Twitter profile to find this tweet:

The tweet that shows the BSSID. Don’t do this IRL.

OK, for Wigle.net:

  1. Register on the website (you can use a dummy account here)
  2. Go to View > Basic Search

This is the Basic Search. As you can see here, it doesn’t work at all. We need to use the Advanced Search.

  3. Use Advanced Search

This is the Advanced Search; just paste the BSSID and query it.

This is what you get; just open the map.

As you can see, it is in the middle of London.

A2: London

Q3: Whats the SSID of the WAP he connected to?

Well, checking back on the query results, we already have our answer :)

A3: UnileverWiFi

Q4: What is his personal email address?

We can’t find the email on Twitter.

So, let us open the GitHub account:

Well, we found it already :)

A4: OWoodflint@gmail.com

Q5: What site did you find his email address on?

Referring to the question above, the answer is Github.

A5: Github

Q6: Where has he gone on holiday?

We can’t find the answer on GitHub or Twitter.

Now, let us open the blog:

So, it is quite clear that he is in New York on holiday.

A6: New York

Q7: What is this persons password?

So, in this situation you need to inspect the website.

Plainly speaking, you are just opening the source code of the website.

Just press F12 for that, or right click > View Page Source.

Scroll through the source code until you find this.

A7: pennYDr0pper.!

We are done with the room.

So, you will get this badge:

Pretty cool right?

Compared to other rooms in this series, this room is really short, so if you’re feelin’ lazy, this is for ya’.

Thanks for reading this writeup/walkthrough. Just message me on Twitter (@thisisfinx) if there is any error or any improvement that I can make here.

Written by finx

A Malaysian cybersec lifelong student who uses this blog to document anything infosec related (mainly OSINT).
