Room Platform: TryHackMe
Room Link: https://tryhackme.com/room/ohsint
Someone rightly said, “Recon is the key to gaining unauthorized root access to the server”. And that someone is me.
Recon is the first and most important step of hacking. This room helps you understand OSINT, which is one of the most important steps of recon. So let’s start our computers as root and gain root access to the servers.
First, we download the task file, which looks something like the one below:
What comes to mind when you see this picture? The Windows XP desktop image, but that won’t help here. Since it’s an image, the first thing you have to do is check it for EXIF data. For this, you can run the command “exiftool </path/to/image>”.
You will get something like this after running the command:
Here, we see a Copyright field with the value OWoodflint. So, we have to search for it on Google.
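What exiftool reads to show that Copyright value, as an added example that is not part of the original writeup: a JPEG keeps EXIF in an APP1 segment holding a small TIFF directory, and Copyright is tag 0x8298 in it. The sample image bytes are constructed inline (only the value OWoodflint comes from the room), and the function names are made up for this sketch.

```python
import struct

COPYRIGHT = 0x8298  # EXIF/TIFF tag id for Copyright (type 2 = ASCII)

def build_sample_jpeg(text):
    """Constructed sample: a minimal JPEG carrying only an EXIF Copyright tag."""
    value = text.encode("ascii") + b"\x00"
    tiff = b"II" + struct.pack("<HI", 42, 8)        # little-endian, IFD0 at offset 8
    tiff += struct.pack("<H", 1)                     # one directory entry
    tiff += struct.pack("<HHII", COPYRIGHT, 2, len(value), 26)
    tiff += struct.pack("<I", 0) + value             # no next IFD, then the string
    payload = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app1 + b"\xff\xd9"          # SOI + APP1 + EOI

def parse_ifd0(tiff):
    """Return {tag_id: text} for the ASCII entries of IFD0."""
    end = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if end is None or struct.unpack(end + "H", tiff[2:4])[0] != 42:
        raise ValueError("bad TIFF header")
    (ifd,) = struct.unpack(end + "I", tiff[4:8])
    (count,) = struct.unpack(end + "H", tiff[ifd:ifd + 2])
    tags = {}
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        tag, typ, n = struct.unpack(end + "HHI", entry[:8])
        if typ != 2:                                 # skip non-text entries
            continue
        (off,) = struct.unpack(end + "I", entry[8:12])
        raw = entry[8:8 + n] if n <= 4 else tiff[off:off + n]  # short values sit inline
        tags[tag] = raw.rstrip(b"\x00").decode("ascii", "replace")
    return tags

def read_exif_text(jpeg):
    """Walk the JPEG segments to the APP1 'Exif' block and parse it."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        (seg_len,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return parse_ifd0(body[6:])
        if marker == 0xDA:                           # image data starts, stop looking
            break
        pos += 2 + seg_len
    return {}

print(read_exif_text(build_sample_jpeg("OWoodflint")).get(COPYRIGHT))
```

Running the same reader over your own photos before uploading them shows which text fields would travel with the file.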
Here, we see three useful URLs. Let’s open them one by one.
So here, we can see that there is some information to be noted. But where to note it? Let’s try answering some questions:
Q: What is this users avatar of?
A: Look at the profile image and say what it is of
Q: What is his personal email address?
A: See the README.md on the victim’s GitHub
Q: Where has he gone on holiday?
A: See the WordPress blog
Q: What site did you find his email address on?
A: The name of the site you found the email on
Now that we’ve found a website, we should take a look at its source code.
We can see something there that looks a bit random. Let’s try answering another question:
Q: What is this persons password?
A: The random text you found
Now that we’ve found a Twitter and a GitHub account, let’s see what is useful to us there.
Woop Woop! We’ve found a BSSID of the WiFi the victim is connected to.
Now, if we look at the hint for the last question left,
So, wigle.net seems like a link. Let’s try opening it.
Woop Woop! It’s a live site. It’s a good habit to tour the whole site to learn what its functions are.
We’ve found a search page. Now, if you remember, there was a WiFi BSSID we got. But it asks for a login, so let’s create an account, then come back and see what it is.
So, with this page, we can get the WiFi SSID by entering some of its details. Let’s enter the BSSID we’ve found and see what it returns.
HeHeHe… We’ve found the SSID. Now I think that we can answer the last two questions left.
Q: Whats the SSID of the WAP he connected to?
A: The SSID you found
Q: What city is this person in?
A: Click on the map icon and see what location you get
Now, I hope that you have liked the writeup!
!!! Thanks for reading !!!