Hello everyone and welcome back!
This is a short description with steps for the video I’ve made.
First challenge – missing in action (HTB)
Look up “Roland Sanches, Birmingham” on google
Find Wix site, twitter site and linkedin
Visit all of it, check for info
On linkedin find Egotistical bank – so we can look up the bank
on google
On his wix website he mentions holidays and leaves some description as well
as more stuff
Next we look up google further and find out that there is a comment from
roland Sanches on Tamper at Sellers Wheel on Foursquare website. Thats
where the flag is
Second Challenge – Tryhackme’s OhSINT
Download the image and look up exif data on it using exiftool. Otherwise use something
like “strings” on linux – try to find anything useful. We find coordinates which lead to nothing we want
and we find copywright info and we look that up – that leads us to a lot of things,
one of them is twitter, the other is a wordpress website. On twitter we find an answer to the first solution
as well as a BSSID (for the home wifi network of the victim)
Then we look up that BSSID on Wigle.net – There we can find 2 of the next answers
The personal email is found on github
so that answers the next two questions
The final solutions are found on his website (password – hidden text in the website)
and the location where he has gone on holiday is also on the website (not hidden)
Third challenge – hackthebox (Google’s) ID EXPOSED, Find the ID of the person and use it to track them down over their open google services.
Person ID : 117395327982835488254
Add that to one of the URLs and find the one that works:
google.com/maps/contrib/
get.google.com/albumarchive/
google.com/maps/contrib/
This only works if they have an opened account – if they enabled these services to be visible.
And thats it ! If you have any questions feel free to let me know!
I hope you enjoyed and have a nice day!
