OhSINT
This guide contains the answer and steps necessary to get to them for the OhSINT room.
OhSINT
Lets examine the image we downloaded with Exiftools to see if there is anything interesting embedded in the file.
We find a name here, which we can lookup on Google. Here we find a hit for someones Twitter, Blog site, and Github page.
There are also other tools we can use. Such as reverse image search. But since this is a classic windows background, there will probably be a lot of noise. Also steghide could be interesting.
- What is this users avatar of?
Looking at his Twitter page, we can find his avatar.
Click for answer
cat
- What city is this person in?
This can be found on his Github page or trough Wigle by finding the 'free' network at his house.
Click for answer
London
- Whats the SSID of the WAP he connected to?
To find out his SSID, we can use the BSSID we found on his Twitter page. Using https://wigle.net we can lookup where this network is located and get an SSID from there.
This also confirms that he lives in London.
Click for answer
UnileverWiFi
- What is his personal email address?
This is also present on his Github page.
Click for answer
OWoodflint@gmail.com
- What site did you find his email address on?
We found it on his Github page.
Click for answer
Github
- Where has he gone on holiday?
Looking at his blog page, it looks like he was indeed on a trip.
Click for answer
New York
- What is this persons password?
This one took me a little longer to figure out (but in hindsight it was dead simple). I looked around on his webpage and Github page for any comments or changes he made to his repository that could contain a password. Also looking for hidden directories yielded nothing directly (more on that later).
Then I also looked at the source code of the web page and found something that looked like a password. Seems like it was hidden in plain site. As mentioned before, the atom folder found by Dirbuster contained a file which also had the password in it.
Click for answer
pennYDr0pper.!