OhSINT - TryHackMe Walkthrough
An OSINT (Open Source Intelligence) challenge where you extract information from a single image to uncover details about a person's online presence.
Room URL: https://tryhackme.com/room/ohsint
Difficulty: Easy
Category: OSINT (not a traditional boot2root)
Tools & Techniques Used
- exiftool (image metadata extraction)
- Google dorking
- Wigle.net (WiFi geolocation)
- Social media investigation (Twitter, GitHub, personal blog)
Step-by-Step Walkthrough
1. Analyze the Image
Download the provided image (WindowsXP.jpg) and extract metadata using exiftool:
exiftool WindowsXP.jpg
Key finding:
Copyright: OWoodflint
This is our starting point for OSINT investigation.
2. Google the Username
Search for OWoodflint on Google. You'll find several profiles:
- Twitter: @OWoodflint
- GitHub: OWoodflint
- Personal Blog: oliverwoodflint.wordpress.com (or similar)
3. Twitter Investigation
Visit the Twitter profile. Key findings:
- Avatar: Cat picture (answers Q1)
- BSSID mentioned in a tweet:
B4:5D:50:AA:86:41
The BSSID is a MAC address of a wireless access point — this will be useful later.
4. GitHub Investigation
Visit the GitHub profile. Key findings:
- City: London (answers Q2)
- Email: OWoodflint@gmail.com (answers Q4)
- Platform where email was found: GitHub (answers Q5)
5. Wigle.net - WiFi Geolocation
Use the BSSID from Twitter to find the WiFi network name.
- Go to wigle.net
- Create an account (free)
- Go to View → Advanced Search
- Enter the BSSID:
B4:5D:50:AA:86:41
- Search and zoom into the map marker
Found SSID: UnileverWiFi (answers Q3)
6. Blog Investigation
Visit the personal blog. Key findings:
- Holiday destination mentioned: New York (answers Q6)
- Inspect the HTML source — there's hidden text (white text on white background)
- Password hidden in source: pennYDr0pper.! (answers Q7)
To find the hidden password:
curl https://oliverwoodflint.wordpress.com/ | grep -i password
Or use browser Developer Tools (F12) → inspect the page elements.
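The same inspection works as a pre-publication check on your own pages. This added example (not part of the room or the original walkthrough) flags text that inline styles make invisible. It assumes a white page background, inline `style` attributes only, and well-formed markup with closed tags; `find_hidden_text` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

# Inline colours that render as white (assumption: the page background is white).
WHITE = {"white", "#fff", "#ffffff", "rgb(255,255,255)"}
VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no end tag

def hides_text(style):
    """True if an inline style makes text invisible on a white page."""
    decls = {}
    for decl in style.lower().split(";"):
        if ":" in decl:
            prop, value = decl.split(":", 1)
            decls[prop.strip()] = "".join(value.split())  # drop all whitespace
    return (decls.get("color") in WHITE
            or decls.get("display") == "none"
            or decls.get("visibility") == "hidden")

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []   # one bool per open element: is it (or an ancestor) hidden?
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        inherited = bool(self.stack and self.stack[-1])
        style = dict(attrs).get("style") or ""
        self.stack.append(inherited or hides_text(style))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        # Record text only when the innermost open element is hidden.
        if self.stack and self.stack[-1] and data.strip():
            self.found.append(data.strip())

def find_hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    return finder.found

# Constructed sample page, not the blog from the room.
SAMPLE = ('<p>Heading to the coast next week.</p>'
          '<p style="color: #FFFFFF;">EXAMPLE-hidden-value</p>'
          '<div style="display:none"><span>draft note</span></div>')

print(find_hidden_text(SAMPLE))
```

Text hidden through external stylesheets or CSS classes is not covered; that needs a rendering engine or a computed-style check in the browser.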
Answers Summary
| Question | Answer |
|---|---|
| 1. What is this user's avatar of? | cat |
| 2. What city is this person in? | London |
| 3. What's the SSID of the WAP he connected to? | UnileverWiFi |
| 4. What is his personal email address? | OWoodflint@gmail.com |
| 5. What site did you find his email address on? | GitHub |
| 6. Where has he gone on holiday? | New York |
| 7. What is this person's password? | pennYDr0pper.! |
Key Takeaways
- Image metadata often contains valuable information (author, GPS coordinates, copyright)
- exiftool is essential for extracting metadata from images
- Wigle.net can geolocate WiFi access points using BSSID
- Always inspect page source — hidden text and comments may contain secrets
- Username pivoting — one username can lead to multiple platforms
- OSINT skills are crucial for initial reconnaissance in real-world pentesting
OSINT Tools Reference
| Tool | Purpose |
|---|---|
| exiftool | Extract image/file metadata |
| Wigle.net | WiFi network geolocation |
| Google Dorking | Advanced search queries |
| Sherlock | Find usernames across platforms |
| theHarvester | Email and subdomain enumeration |
| Maltego | Visual link analysis |