{"id":1844,"date":"2025-03-18T13:16:10","date_gmt":"2025-03-18T17:16:10","guid":{"rendered":"https:\/\/www.peteonsoftware.com\/?p=1844"},"modified":"2025-03-18T13:16:10","modified_gmt":"2025-03-18T17:16:10","slug":"tryhackme-room-walkthrough-ohsint","status":"publish","type":"post","link":"https:\/\/www.peteonsoftware.com\/index.php\/2025\/03\/18\/tryhackme-room-walkthrough-ohsint\/","title":{"rendered":"TryHackMe Room Walkthrough: OhSINT"},"content":{"rendered":"

\"WhatToday’s room is called OhSINT<\/a>. It is another Free Room on TryHackMe, which means that anyone can follow along with me as long as you sign up for a free account. The point of this room is to show you some of the very basics of OSINT (Open-Source Intelligence), which is the process of gathering and analyzing publicly available information to gain insights and intelligence on a subject or target.<\/p>\n

Note: This room was updated 2\/1\/2024, so this walkthrough will probably be different from others if you’re Googling around and found someone who did it closer to release date. This is noted in the room itself.<\/em><\/p>\n

In this one, we only have an image to go off of. Let’s start with the basics and read the metadata on the image.<\/p>\n

\r\n$ exiftool WindowsXP_1551719014755.jpg\r\nExifTool Version Number         : 13.00\r\nFile Name                       : WindowsXP_1551719014755.jpg\r\nDirectory                       : .\r\nFile Size                       : 234 kB\r\nFile Modification Date\/Time     : 2025:03:08 15:53:27-05:00\r\nFile Access Date\/Time           : 2025:03:08 15:54:52-05:00\r\nFile Inode Change Date\/Time     : 2025:03:08 15:54:52-05:00\r\nFile Permissions                : -rw-r--r--\r\nFile Type                       : JPEG\r\nFile Type Extension             : jpg\r\nMIME Type                       : image\/jpeg\r\nXMP Toolkit                     : Image::ExifTool 11.27\r\nGPS Latitude                    : 54 deg 17' 41.27\" N\r\nGPS Longitude                   : 2 deg 15' 1.33\" W\r\nCopyright                       : OWoodflint\r\nImage Width                     : 1920\r\nImage Height                    : 1080\r\nEncoding Process                : Baseline DCT, Huffman coding\r\nBits Per Sample                 : 8\r\nColor Components                : 3\r\nY Cb Cr Sub Sampling            : YCbCr4:2:0 (2 2)\r\nImage Size                      : 1920x1080\r\nMegapixels                      : 2.1\r\nGPS Latitude Ref                : North\r\nGPS Longitude Ref               : West\r\nGPS Position                    : 54 deg 17' 41.27\" N, 2 deg 15' 1.33\" W\r\n<\/pre>\n
Question 1<\/h3>\n
Searching for the user that has the copyright, “OWoodflint”, I found this Twitter\/X profile here<\/a>.<\/p>\n
What is this user’s avatar of?<\/strong> – Cat<\/em><\/p>\n
Question 2<\/h3>\n
In this person’s tweets, they have one that says: <\/p>\n
\r\nFrom my house I can get free wifi ;D\r\n\r\nBssid: B4:5D:50:AA:86:41 - Go nuts!\r\n<\/pre>\n
BSSID is “Basic Service Set Identifier” and is a unique ID to identify a wifi access point.  <\/p>\n
If I search bssid lookup, the first result is WiGLE: Wireless Network Mapping at https:\/\/wigle.net<\/a>.  Okay, let’s check that out.  I put the BSSID in the search on the right of the page and hit Filter and my map didn’t change (except all of the dots that had been on there are now gone).  My guess was maybe this left *ONLY* that network on the map, so I zoomed all the way out and saw a dot in Europe.  I zoomed in and it is in London.  This could be me not knowing how to use the site, but it worked.<\/p>\n
What city is this person in?<\/strong> – London<\/em><\/p>\n
Question 3<\/h3>\n
Same site, just get the info of that point.<\/p>\n
What is the SSID of the WAP he connected to?<\/strong> – UnileverWiFi<\/em><\/p>\n
Question 4<\/h3>\n
Back to googling the username.  The first result for me was https:\/\/github.com\/OWoodfl1nt\/<\/a>  I know people associate their emails on GitHub sometimes, so I went into there.  In the readme of his people_finder project, it says “Project starting soon! Email me if you want to help out: OWoodflint@gmail.com”<\/p>\n
What is his personal email address?<\/strong> – OWoodflint@gmail.com<\/em><\/p>\n
Question 5<\/h3>\n
What site did you find his email address on?<\/strong> – GitHub<\/em><\/p>\n
Question 6<\/h3>\n
I didn’t see anything about a holiday\/vacation on X\/Twitter or GitHub, so back to the google search.  It also returns his blog at https:\/\/oliverwoodflint.wordpress.com\/<\/a>  His first – and apparently only – post has the answer.<\/p>\n
Where has he gone on holiday?<\/strong> – New York<\/em><\/p>\n
Question 7<\/h3>\n
I actually found this one multiple places on the internet because of this challenge, but not the intended places.  So I’m going to work this as intended.  From google, basically I just have these three sites: X\/Twitter, GitHub, and his blog.  Since this is an OSINT challenge, I don’t expect they want us to try to crack his wordpress site.  So, in true CTF-style thinking, I went looking for clues in his blog’s HTML source.  I scrolled down and found this:<\/p>\n
<p style="color:#ffffff;" class="has-text-color">pennYDr0pper.!<\/p><\/p>\n
Given the HTML, that would mean that it is actually on his site visible except that the text is the same color as the background.  And sure enough:<\/p>\n
\"An<\/p>\n
What is the person’s password?<\/strong> – pennYDr0pper.!<\/em><\/p>\n
That’s it.  Just a fun little very introductory primer on using search engines and social profiles to do some very basic OSINT and show you the beginning of what’s possible.  Any questions, let me know.<\/p>\n","protected":false},"excerpt":{"rendered":"
Today’s room is called OhSINT. It is another Free Room on TryHackMe, which means that anyone can follow along with me as long as you sign up for a free account. The point of this …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[153],"tags":[141,142,158],"class_list":["post-1844","post","type-post","status-publish","format-standard","hentry","category-capture-the-flag","tag-information-security","tag-infosec","tag-osint"],"_links":{"self":[{"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/posts\/1844","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/comments?post=1844"}],"version-history":[{"count":0,"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/posts\/1844\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/media?parent=1844"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/categories?post=1844"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.peteonsoftware.com\/index.php\/wp-json\/wp\/v2\/tags?post=1844"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}