A “doxing” style challenge where you’re given an image and have to figure out information about the user.
Task 1# OHSint
1. What is this users avatar of?
We’re given the clue “
exiftool” is your best friend. I didn’t have this installed on Kali, but it’s accessible to download with
sudo apt install exiftool.
Then, we can run
exiftool WindowsX-P.jpg to grab the image metadata.
Notably, the user copyrighted the image with their username. Lets google it.
Here we can find the user’s Twitter account, lets check it out.
2. What city is this person in?
The person tweeted their wifi BSSID.
I used a BSSID finder to map out where the AP is. Wigle is the first option on Google.
Use the Map link in the header navigation.
Then, zoom all the way out so I can see the world.
In the filter box, paste the BSSID.
They’re in the UK, probably London. But let’s zoom in.
3. What is the SSID of the WAP he used?
After zooming in even further, found the SSID of the WAP(wireless access point).
4. What is his personal email address?
By searching his twitter URL, found other social profiles. Github is second result.
He posted his email address on Github in his project’s
5. What site did you find his email on?
6. Where has he gone on holiday?
He has a personal blog. And we can see where he’s gone on holiday from the Google rich snippet when Googling his handle.
7. What is this person’s password?
Notably, we can also see his password in his blog’s Google snippet.