Open in app

Sign up

Sign in

Write

Sign up

Sign in

OhSINT TryHackMe Writeup | By Xploit Ayush

Xploit Ayush ☠️
InfoSec Write-ups
Published in
4 min readJan 16, 2023

--

Are you able to use open source intelligence to solve this challenge?

What is OSINT in cyber security?

What is OSINT? Open-source intelligence, or OSINT, refers to the process of gathering information from public, legal data sources to serve a specific function. Some open sources might include social media, blogs, news, and the dark web.

The challenging room in the beginners path the in OhSINT in Tryhackme.

Meanwhile, the whole concept of this room is using free tools to find information only based in the picture provided by the room’s author.

So let's checkout

STEP 1 > Download the picture & Getting Metadata of the picture

We can easily get a file metadata using a tool called ExifTool.

You can access Exiftool

To start with we can check the metadata of the image file. We found a Copyright with a name OWoodflint.

STEP 2 > Google Dorking to Find more information

Open and check these 3 links.

  1. What is this user’s avatar of?

First we check Twitter

Answer: Cat

2. What city is this person in?

The user is mentioned BSSID, what is it? The BSSID is the MAC address of the radio interface the client device is currently connected to.

there is a website Wigle.net on which we can search the location of BSSID.

If you zoom out in the map you’ll be able to see a purple point on London.

Answer: London

3. Whats the SSID of the WAP he connected to?

if you zoom in all the way to the max (very important), at that point on London, you’ll be able to see the SSID of the WAP he connected to.

Answer: UnileverWIFI

4. What is his personal email address?

Back to those 3 links we found on Google you’ll be able to find his personal email on the Github that we found in our search.

Answer: OWoodflint@gmail.com

5. What site did you find his email address on?

We found the email address on GitHub.

Answer: Github

6. Where has he gone on holiday?

This flag also is located in one of those three links we found on Google. If you read his only blog post you’ll find where he’s spending his holiday.

Answer: New York

7. What is this persons password?

This flag was the hardest in this room. To find this flag you’ll have to inspect the blog source code, we need a magnifier to check

And yes there we found a weird string that looks like the password

Answer: pennYDr0pper.!

Now we have all our Answers let’s submit it and we have successfully completed our CTF !!

Keep Trying, Keep Working :)

Thank you for Reading!!

Happy Hacking

Follow me more to get more tips and tricks! 🙏

Author: Xploit Ayush
Osint
Tryhackme
Cybersecurity
Tips
Htb Thm

--

--

Xploit Ayush ☠️
InfoSec Write-ups
Follow

Written by Xploit Ayush ☠️

186 Followers

Enjoys learning about the cyber security field, especially doing hands-on penetration testing and ethical hacking as a hobby.

Follow

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams