TryHackMe -ohSINT
How much information can we gather from just one picture?
Information Gathering
Before starting Task 1, we are asked to download a file. This file is a JPG file called “WindowsXP”, and when we open it, we are quick to recognize this iconic picture.
The first question asked is “what is this users avatar?”. But the real question is, what user? The hint points us to a tool called “ExifTool”, so what can we do with it? ExifTool is an open-source software that allows us to read, write and edit metadata from a wide variety of files. Let’s download and test it on the picture we just downloaded.
By dragging the WindowsXP picture into the ExifTool we get a command-prompt with a lot of useful information.
In the hint they ask us if we can find the name of the author of the picture and if they have a social media account. Looking at the information we got from the tool we just ran, we can see what looks like a name in the Copyright section: “Owoodflint” - let’s search for this name.
We found one social media account, and the answer for our first question regarding the avatar used by the author. We can also see that Woodflint is giving us a number called BSSID. A quick research shows that the BSSID is basicaly a MAC address for the Access Point he is connecting to. We can use a tool called Wigle.net in order to find the exact location of this AP.
Now we also have SSID of the WAP! Moving on to the next step, we need to find anything related to the city this person lives in.
The second social media page we can find related to this “Woodflint” is a Wordpress blog. Opening this page, we get yet another obvious answer, this time for the question “Where has he gone on Holiday?”.
Moving to the last social media, we have a GitHub page. Here, we found information like the e-mail and current location of the author.
The only thing that’s left is the user’s password. Going back to the social media pages, we are unable to see anything worthwhile at the first look. Maybe there is something hidden?
Let’s take a closer look at the only page where the author really had full control of the page, meaning that he could have hidden something, the blog in Wordpress. A quick inspection of the source-code made something pop out! Are you really hidden your password in plain HTML?!?!
Conclusion
Even though this was a very basic room, it showed that there is too many hidden information that can be gathered in order to build a bigger picture. This means that we need to be careful/mindful of the traces we leave behind!
