TryHackMe OhSINT Writeup

Room Platform: TryHackMe

Room Link: https://tryhackme.com/room/ohsint

Someone truly said, “Recon is the key to gain unauthorized root access to the server”. And that someone is me.

Recon is the first and most important step of hacking. This room helps you understand OSINT, which is one of the most important steps of recon. So let’s start our computers in root and gain root access to the servers.

First, we download the task file, which looks something like the one below:

What comes to mind on seeing this picture? The Windows XP desktop wallpaper, but that won’t help here. Since it’s an image, the first thing you have to do is check it for EXIF data. For this, you can run the command “exiftool </path/to/image>”.

You will get something like this after running the command:

Here, we see a Copyright field with the value OWoodflint, so we search for it on Google.

Here, we see three useful URLs. Let’s open them one by one.
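What exiftool reads in this step, as an added example that is not part of the original writeup: a minimal Python parser that pulls the ASCII tags out of a JPEG's Exif block, run on a constructed image that carries the same Copyright value. It is also a quick way to check your own photos for such fields before posting them. The function names and the sample bytes are assumptions made for this example.

```python
import struct

# A few TIFF/Exif tag ids worth checking before an image is published.
TAGS = {0x010F: "Make", 0x0110: "Model", 0x8298: "Copyright", 0x8825: "GPSInfo"}

def exif_segment(jpeg: bytes) -> bytes:
    """Return the TIFF payload of the first APP1/Exif segment, or b'' if none."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, size = jpeg[pos + 1], struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        body = jpeg[pos + 4:pos + 2 + size]   # size counts its own two bytes
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        if marker == 0xDA:                    # start of scan: metadata is over
            break
        pos += 2 + size
    return b""

def ifd0_tags(tiff: bytes) -> dict:
    """Decode the known ASCII entries of IFD0; other known tags are flagged."""
    if len(tiff) < 8:
        return {}
    end = "<" if tiff[:2] == b"II" else ">"   # II = little-endian, MM = big-endian
    ifd = struct.unpack(end + "I", tiff[4:8])[0]
    (count,) = struct.unpack(end + "H", tiff[ifd:ifd + 2])
    found = {}
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        tag, typ, n = struct.unpack(end + "HHI", entry[:8])
        if tag not in TAGS:
            continue
        if typ == 2:                          # ASCII; >4 bytes are stored at an offset
            off = struct.unpack(end + "I", entry[8:12])[0]
            raw = entry[8:8 + n] if n <= 4 else tiff[off:off + n]
            found[TAGS[tag]] = raw.rstrip(b"\x00").decode("ascii", "replace")
        else:
            found[TAGS[tag]] = "present"
    return found

def build_sample() -> bytes:
    """Constructed image: SOI, one Exif segment with a Copyright string, EOI."""
    text = b"OWoodflint\x00"
    tiff = b"II*\x00" + struct.pack("<I", 8)                  # header, IFD0 at 8
    tiff += struct.pack("<HHHII", 1, 0x8298, 2, len(text), 26)  # one entry, value at 26
    tiff += struct.pack("<I", 0) + text                        # no next IFD, then value
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Calling `ifd0_tags(exif_segment(open(path, "rb").read()))` on a real file lists the same fields; an empty dict means IFD0 holds none of the tags in `TAGS`.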

So here, we can see that there is some information to be noted. But where to note it? Let’s try answering some questions:

Q: What is this users avatar of?

A: See the profile image and tell what it is of

Q: What is his personal email address?

A: See the README.md on the victim’s GitHub

Q: Where has he gone on holiday?

A: See the wordpress blog

Q: What site did you find his email address on?

A: What is the name of the site you found the email on?

Now that we’ve found a website, we should take a look at its source code.

We can see something that looks a bit random. Let’s try answering another question:

Q: What is this persons password?

A: What’s the random text you’ve found

Now that we’ve found a Twitter and a GitHub account, let’s see what is useful for us there.

Woop Woop! We’ve found the BSSID of the WiFi the victim is connected to.

Now, let’s look at the hint for the last question left:

So, wigle.net seems like a link. Let’s try opening it.

Woop Woop! It’s a live site. It’s a good habit to browse through the whole site to learn what its functions are.

We’ve found a search page. Now, if you remember, there was a WiFi BSSID we got. But the page is asking for a login, so let’s create an account, then come back and see what it is.

So, with this page, we can get the WiFi SSID by entering some of its details. Let’s enter the BSSID we’ve found and see what it returns.

HeHeHe… We’ve found the SSID. Now I think that we can answer the last two questions left.

Q: Whats the SSID of the WAP he connected to?

A: What is the SSID you’ve found

Q: What city is this person in?

A: Click on the map icon. What location do you get?

Now, I hope that you have liked the writeup!

!!! Thanks for reading !!!

Shriyans Sudhi
