TryHackMe: Ohsint — Write-Up

Figure 1.1 (Ohsint Banner)

Hi,

This article is about Ohsint capture the flag created by TryHackMe on TryHackMe. It is free room and everyone can join this room after log-in to the website.

Description: Are you able to use open source intelligence to solve this challenge?

This challenge teaches us about how we can get bulk of information available publicly by just using simple OSINT techniques and tools. Let’s get started,

In this challenge we are provided with one image to solve the challenge. First download image from link given in challenge as shown in figure 1.2:

Figure 1.2 (Download Button)

Let’s open this image to get info about image as shown in figure 1.3 below:

Figure 1.3 (Image)

It is just default Windows XP image. It seems there is no information available in image. Let check properties of this image with exiftool developed by Phil Harvey. I have paced image in the same directory as of ExifTool.exe file. After running tools we got some info as shown in figure 1.4 below:

Figure 1.4 (ExifTool Result)

Let’s analyze this result line by line and check either we can get hint or some fruitful information. After analyzing there we got a hint which is “Copyright : OWoodflint” as shown in figure 1.5 below:

Figure 1.5 (Hint)

Let’s try to search this keyword on Google. Result of google search is shown in figure 1.6 below:

Figure 1.6 (Google Search)

Here we find OWoodflint links related to twitter, github and owoodflint wordpress blog/website. Let’s Open these links one by one and search for information.

From Twitter we found information shown in figure 1.7 below:

Figure 1.7 (OWoodflint Twitter)

Now we got the first flag. Let’s find others.

From Github we find information shown in figure 1.8 below:

Figure 1.8 (OWoodflint Github)

There is also one flag we found.

Now Examine wordpess blog shown in figure 1.9 below:

Figure 1.9 (OWoodflint Wordpress)

From wordpress site we found a flag and while inspecting the code another flag came in front of us shown in figure 1.10 below:

Figure 1.10 (OWoodflint Wordpess)

Till now we are successful in getting 5 flags of the challenge and for last 2 flags we have to go to twitter again as there was an BSSID mentioned shown in figure 1.11 below:

Figure 1.11 (OWoodflint Twitter)

To check location of bssid we will use Wigle which is Wireless Network Mapping site. Go to Wigle and enter BSSID on as shown in figure 1.12 below:

Figure 1.12 (Wigle)

After processing and finding we got the remaining 2 flags shown in figure 1.13 below:

Figure 1.13 (Wigle)

Congratulations we have completed the challenge. Thankyou for being till here.

If you like this article, then please support on Patreon. So that I keep writing articles like these.