OhSINT TryHackMe Walkthrough

What information can you possible get with just one image file?

Note: This challenge was updated on 2024–02–01. If you are following any older walkthroughs, expect a small change. Additionally, the file is also available on the AttackBox, under the /Rooms/OhSINT directory.

Downloading the image!

Downloaded Image from the OhSINT Box

Extracting details from it using exiftool

exiftool <image-name>

Let’s google this…

1. What is this user’s avatar of?

As per the image we can answer the question: CAT

2. What city is this person in?

GitHub Profile : https://github.com/OWoodfl1nt/people_finder

3. What is the SSID of the WAP he connected to?

Twitter Account. : https://x.com/OWoodflint/status/1102220421091463168

Details from Twitter Account Post

We got BSSID: B4:5D:50:AA:86:41, now we need to find SSID from this.

→ Getting BSSID from SSID using https://wigle.com

Extarcted Details using Wigle Website

4. What is his personal email address?

GitHub Profile : https://github.com/OWoodfl1nt/people_finder

Details extracted from Github profile README.md

5. What site did you find his email address on?

6. Where has he gone on holiday?

Check the Website : https://oliverwoodflint.wordpress.com/

Location Extracted from WordPress website

We can see the location on the Website main-page

7. What is the person’s password?

Website : Check the Soure code → https://oliverwoodflint.wordpress.com/

Password extracted by reading the website source code

Happy Hacking 🌟