{"id":223,"date":"2023-06-22T10:51:34","date_gmt":"2023-06-22T10:51:34","guid":{"rendered":"https:\/\/justatrainingblog.co.uk\/?p=223"},"modified":"2023-06-22T10:51:35","modified_gmt":"2023-06-22T10:51:35","slug":"thm-osint-exercise","status":"publish","type":"post","link":"https:\/\/justatrainingblog.co.uk\/?p=223","title":{"rendered":"[THM] OSINT Exercise"},"content":{"rendered":"\n<p>Difficulty: Easy<\/p>\n\n\n\n<p><span style=\"text-decoration: underline;\">Objectives<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Find the user&#8217;s avatar<\/li>\n\n\n\n<li>Find where the user lives<\/li>\n\n\n\n<li>Find the SSID of their WAP<\/li>\n\n\n\n<li>Find the user&#8217;s email address<\/li>\n\n\n\n<li>Find where the user has gone on holiday<\/li>\n\n\n\n<li>Find the user&#8217;s password<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<p>To start this task we are provided with an image. The image is of the <a href=\"https:\/\/drive.google.com\/file\/d\/1vOKrWeemPSBhaayBn8NqJuulcjCP4zFY\/view?usp=sharing\" title=\"\">Windows XP Background<\/a>. <\/p>\n\n\n\n<p><span style=\"text-decoration: underline;\">Step 1 &#8211; Analysing the Image<\/span><\/p>\n\n\n\n<p>Since all we have to work from is the image, we&#8217;ll start by checking its metadata. A reverse image search may also pull results; however, since it&#8217;s such a popular image, it&#8217;ll be more like looking for a needle in a haystack. <\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"592\" height=\"461\" src=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-56.png\" alt=\"\" class=\"wp-image-224\" srcset=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-56.png 592w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-56-300x234.png 300w\" sizes=\"(max-width: 592px) 100vw, 592px\" \/><\/figure>\n\n\n\n<p>ExifTool provides us with the image metadata. 
There&#8217;s quite a lot of useful information here, including the creation date, GPS positioning and the Copyright field, which looks like an online persona. <\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><span style=\"text-decoration: underline;\">Checking the Web<\/span><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-57.png\" alt=\"\" class=\"wp-image-225\" width=\"560\" height=\"469\" srcset=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-57.png 949w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-57-300x252.png 300w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-57-768x644.png 768w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-57-850x713.png 850w\" sizes=\"(max-width: 560px) 100vw, 560px\" \/><\/figure>\n\n\n\n<p>A Google search shows us a few relevant results, including a Twitter handle, a WordPress site and a GitHub project. <\/p>\n\n\n\n<p><span style=\"text-decoration: underline;\">Twitter<\/span><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-58.png\" alt=\"\" class=\"wp-image-226\" width=\"386\" height=\"500\" srcset=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-58.png 606w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-58-232x300.png 232w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-58-300x389.png 300w\" sizes=\"(max-width: 386px) 100vw, 386px\" \/><\/figure>\n\n\n\n<p>The user&#8217;s Twitter is fairly sparse; however, we can see that he&#8217;s shared his home Wi-Fi BSSID (or at least one close to his home!). Searching this in <a href=\"https:\/\/wigle.net\/\" title=\"\">WiGLE<\/a> shows a location in London. 
<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"248\" src=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-59-1024x248.png\" alt=\"\" class=\"wp-image-227\" srcset=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-59-1024x248.png 1024w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-59-300x73.png 300w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-59-768x186.png 768w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-59-1536x372.png 1536w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-59-850x206.png 850w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-59.png 1835w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Backtracking, we&#8217;ll now visit his GitHub page. There isn&#8217;t a lot here and the README is sparse; however, it does provide us with his email, hitting objective 4.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"530\" src=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-60-1024x530.png\" alt=\"\" class=\"wp-image-228\" srcset=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-60-1024x530.png 1024w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-60-300x155.png 300w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-60-768x397.png 768w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-60-1536x795.png 1536w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-60-850x440.png 850w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-60.png 1575w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Last up is the WordPress site. 
Our only remaining objective is the user&#8217;s password. GitHub and Twitter have both been examined and eliminated as possibilities, which leaves us with the WordPress site.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-61.png\" alt=\"\" class=\"wp-image-229\" width=\"458\" height=\"446\" srcset=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-61.png 803w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-61-300x292.png 300w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-61-768x748.png 768w\" sizes=\"(max-width: 458px) 100vw, 458px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-63.png\" alt=\"\" class=\"wp-image-231\" width=\"377\" height=\"432\" srcset=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-63.png 775w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-63-262x300.png 262w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-63-768x880.png 768w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-63-300x344.png 300w\" sizes=\"(max-width: 377px) 100vw, 377px\" \/><\/figure>\n\n\n\n<p>A very basic site with not much information. The only place we would find additional details would be in the source code. 
<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"674\" height=\"353\" src=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-64.png\" alt=\"\" class=\"wp-image-232\" srcset=\"https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-64.png 674w, https:\/\/justatrainingblog.co.uk\/wp-content\/uploads\/2023\/06\/image-64-300x157.png 300w\" sizes=\"(max-width: 674px) 100vw, 674px\" \/><\/figure>\n\n\n\n<p>There we go. In the source code we have something that looks very much like a password.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><span style=\"text-decoration: underline;\">Summary<\/span><\/p>\n\n\n\n<p>Overall the exercise was not too difficult, although inspecting the source code manually took a lot longer than expected. It may be that there is some tool I am unaware of which can automate the process. The rest was quite simple and it felt like the scenario led me where I needed to go to get the correct answers, so definitely easy compared to a real life example.  <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Difficulty: Easy Objectives To start this task we are provided with an image. 
The image is of the Windows XP&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[11,6,3],"tags":[],"class_list":["post-223","post","type-post","status-publish","format-standard","hentry","category-osint","category-practice","category-tryhackme"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/223","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=223"}],"version-history":[{"count":1,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/223\/revisions"}],"predecessor-version":[{"id":233,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/223\/revisions\/233"}],"wp:attachment":[{"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=223"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=223"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/justatrainingblog.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}