A “doxing” style challenge where you’re given an image and have to figure out information about the user.

Task 1# OHSint

1. What is this users avatar of?

We’re given the clue “exiftool” is your best friend. I didn’t have this installed on Kali, but it’s accessible to download with sudo apt install exiftool.

Then, we can run exiftool WindowsX-P.jpg to grab the image metadata.

image 46

Notably, the user copyrighted the image with their username. Lets google it.

Here we can find the user’s Twitter account, lets check it out.

image 47
image 48

2. What city is this person in?

The person tweeted their wifi BSSID.

image 49

I used a BSSID finder to map out where the AP is. Wigle is the first option on Google.

image 50

Use the Map link in the header navigation.

image 51

Then, zoom all the way out so I can see the world.

image 52

In the filter box, paste the BSSID.

image 53

They’re in the UK, probably London. But let’s zoom in.

image 54

3. What is the SSID of the WAP he used?

image 55

After zooming in even further, found the SSID of the WAP(wireless access point).

4. What is his personal email address?

By searching his twitter URL, found other social profiles. Github is second result.

image 56

He posted his email address on Github in his project’s README.md.

image 57

5. What site did you find his email on?

See previous.

6. Where has he gone on holiday?

He has a personal blog. And we can see where he’s gone on holiday from the Google rich snippet when Googling his handle.

image 58

7. What is this person’s password?

Notably, we can also see his password in his blog’s Google snippet.

image 59

Author

Leave a Reply