Joe Raine
Cybersecurity Professional

Blog Post

[THM] OSINT Exercise

Difficulty: Easy

Objectives

  • Find the user’s avatar
  • Find where the user lives
  • Find the SSID of their WAP
  • Find the user’s email address
  • Find where the user has gone on holiday
  • Find the user’s password

To start this task we are provided with an image. The image is of the Windows XP Background.

Step 1 – Analysing the Image

Since all we have to work from is the image, we’ll start by checking its metadata. A reverse image search may also pull results; however, since it’s such a popular image, it’ll be more like looking for a needle in a haystack.

Exiftool provides us with the image metadata. There’s quite a lot of useful information here, including the creation date, GPS positioning and the Copyright field, which looks like an online persona.
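From the publishing side, the same fields can be checked before an image goes online. The following is an added example, not part of the original write-up: it walks a JPEG's Exif IFD0 and reports identifying tags such as the Copyright and GPS fields mentioned above. The sample image bytes and the handle "ExampleHandle" are constructed for illustration.

```python
import struct

# IFD0 tags that identify an author, a time or a place (standard EXIF/TIFF ids).
SENSITIVE = {0x0132: "ModifyDate", 0x013B: "Artist", 0x8298: "Copyright", 0x8825: "GPSInfo"}

def find_exif(jpeg: bytes):
    """Return the TIFF payload of the first APP1/Exif segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, size = jpeg[pos + 1], struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        body = jpeg[pos + 4:pos + 2 + size]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        if marker == 0xDA:  # start of scan: metadata segments are over
            break
        pos += 2 + size
    return None

def sensitive_tags(jpeg: bytes) -> dict:
    """Map tag name -> value for identifying IFD0 tags found in the image."""
    tiff = find_exif(jpeg)
    if tiff is None:
        return {}
    e = {b"II": "<", b"MM": ">"}[tiff[:2]]  # TIFF byte order
    (ifd,) = struct.unpack(e + "I", tiff[4:8])
    (count,) = struct.unpack(e + "H", tiff[ifd:ifd + 2])
    found = {}
    for i in range(count):
        start = ifd + 2 + 12 * i
        tag, typ, n, raw = struct.unpack(e + "HHI4s", tiff[start:start + 12])
        if tag not in SENSITIVE:
            continue
        if typ == 2:  # ASCII: inline when it fits in 4 bytes, else at an offset
            (off,) = struct.unpack(e + "I", raw)
            data = raw[:n] if n <= 4 else tiff[off:off + n]
            found[SENSITIVE[tag]] = data.rstrip(b"\x00").decode("ascii", "replace")
        else:  # pointers such as GPSInfo: report presence only
            found[SENSITIVE[tag]] = "present"
    return found

# Constructed sample: minimal JPEG whose Exif holds a Copyright string and a GPS pointer.
_name = b"ExampleHandle\x00"
_tiff = (b"II" + struct.pack("<HI", 42, 8) + struct.pack("<H", 2)
         + struct.pack("<HHII", 0x8298, 2, len(_name), 38)
         + struct.pack("<HHII", 0x8825, 4, 1, 38 + len(_name))
         + struct.pack("<I", 0) + _name + struct.pack("<HI", 0, 0))
SAMPLE = b"\xff\xd8\xff\xe1" + struct.pack(">H", len(_tiff) + 8) + b"Exif\x00\x00" + _tiff + b"\xff\xd9"
```

Calling `sensitive_tags()` on the bytes of a file about to be uploaded returns an empty dict once the metadata has been stripped.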

Checking the Web

A Google search shows us a few relevant results, including a Twitter handle, a WordPress site and a GitHub project.

Twitter

The user’s Twitter is fairly sparse; however, we can see that he’s shared his home Wi-Fi BSSID (or at least one close to his home!). Searching this in WiGLE shows a location in London.

Backtracking, we’ll now visit his GitHub page. There isn’t a lot here and the readme is sparse; however, it does provide us with his email, hitting objective 4.

Last up is the WordPress site. Our only remaining objective is the user’s password. GitHub and Twitter have both been examined and eliminated as possibilities, which leaves us with the WordPress site.

The site is very basic, with not much information. The only place we would find additional details would be in the source code.

There we go. In the source code we have something that looks very much like a password.

Summary

Overall the exercise was not too difficult, although inspecting the source code manually took a lot longer than expected. It may be that there is some tool I am unaware of which can automate the process. The rest was quite simple and it felt like the scenario led me where I needed to go to get the correct answers, so definitely easy compared to a real-life example.
