OhSINT — TryHackMe Writeup (2022)

Larry Dennis Lumban Toruan
4 min read · Apr 5, 2022

“Are you able to use open source intelligence to solve this challenge?”

OhSINT Room Logo

OhSINT is one of the free challenge-type rooms on TryHackMe. It is mainly about practicing OSINT (Open Source Intelligence) and is geared towards beginners. The task in this room is simple: find any information that is meaningful.

#1 What is the user’s avatar ?

Before we can answer this, we have to extract some related information from the picture provided with the task. The picture itself is not really worth examining, as it is just the old Windows XP default desktop wallpaper (ooh.. I still remember those old days 😏). We begin by examining the metadata of the picture. Using ExifTool, we could obtain the name and a GPS coordinate.

command : exiftool [COMPLETE_FILE_NAME]

After searching for the name “OWoodflint” with our lovely Google search engine, a Twitter account with the same username appears. What is more interesting is that the tweets reveal the MAC address of a WiFi network. This will be a useful clue later.

at.OWoodflint

Answer : Cat

#2 What city is this person in ?

Previously, we obtained a GPS coordinate and a MAC address. The GPS coordinate is not the actual clue for locating the city, but the MAC address is.

Maybe this person is in England ?

We will try searching for the device location using WiGLE. The website provides a map of many of the wireless networks around the globe. First, we create an account, because the app would not give any information about the location of the device we are searching for without one. After creating an account, enter the MAC address and click ‘Filter’.

There it is !

The filter excludes any unrelated MAC addresses and shows only the MAC address entered. The result is that the device is located in the city of London.

Answer : London

#3 What is the SSID name of the WAP this person connected to ?

The WiGLE app also provides the SSID name of this device. Zooming in shows the SSID name, although the text is hard to read.

Device’s SSID

Answer : UnileverWiFi

#4 What is this person’s personal email address ?

The previous Google search gave us some top results, including a GitHub page and a WordPress blog. Looking at the GitHub page, a repository named “people_finder” belonging to “OWoodfl1nt” provides an email address inside its README.md file.

Answer : Owoodflint@gmail.com

#5 What site did we find this person’s personal email address on ?

We found this person’s email address on a GitHub page, in a repository named “people_finder” belonging to “OWoodfl1nt”.

README.md

Answer : Github

#6 Where has this person gone on holiday ?

Looking at the WordPress blog, the article states that this person has gone on holiday in the city of New York.

Answer : New York

#7 What is this person’s password ?

The question itself should not be taken too seriously. We are not going to do any complex hacking or any rigorous and time-consuming password cracking. Looking back at the WordPress blog, there is a line of text that seems to be hidden by the blog’s background color. What is even stranger is that the first text result from the previous search shows the same odd text.

Answer : pennYDr0pper

Select all the texts
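The hidden line in #7 works because the text is rendered in the same color as the background behind it. As an added example (not part of the original writeup or the room), the following Python audits a page you publish for such text. It assumes colors are set as hex values in inline `style` attributes, and `css_color`, `HiddenTextFinder`, `find_hidden_text` and `SAMPLE` are names made up for this illustration.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "hr", "img", "input", "link", "meta"}   # tags that never get a closing tag

def css_color(style, prop):  # value of prop in an inline style, lowercase #rrggbb if hex
    m = re.search(r"(?:^|;)\s*" + re.escape(prop) + r"\s*:\s*([^;]+)", style or "", re.I)
    if not m:
        return None
    value = m.group(1).strip().lower()
    if re.fullmatch(r"#[0-9a-f]{3}", value):           # expand #fff to #ffffff
        value = "#" + "".join(ch * 2 for ch in value[1:])
    return value

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = [("#root", "#000000", "#ffffff")]  # assumed browser default colors
        self.hits = []

    def handle_starttag(self, tag, attrs):
        style = dict(attrs).get("style")
        _, fg, bg = self.stack[-1]                      # children inherit the parent's colors
        fg = css_color(style, "color") or fg
        bg = css_color(style, "background-color") or bg
        if tag not in VOID:
            self.stack.append((tag, fg, bg))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):     # pop back to the matching open tag
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        _, fg, bg = self.stack[-1]
        if data.strip() and fg == bg:                   # text color equals background color
            self.hits.append(data.strip())

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample page, not the blog from the room.
SAMPLE = ('<body style="background-color: #FFF"><p>Back from holiday.</p>'
          '<p style="color:#ffffff;">EXAMPLE-hidden-note</p>'
          '<p style="color: #333">Visible <b>text</b></p></body>')
```

Calling `find_hidden_text(SAMPLE)` returns the one paragraph whose text color matches the page background. Colors set through stylesheets or CSS classes are outside what this check sees.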

That is all for the solutions to the challenge room. By doing this challenge, we gain some practical knowledge of how to apply our analytical skills when doing OSINT.