Sign in Subscribe
Try Hack Me

Try Hack Me - OhSINT

Are you able to use open source intelligence to solve this challenge?

Marios Daskalas

4 min read
Share
Try Hack Me - OhSINT
Try Hack Me

Howdy my fellow Cyber Enthusiasts! Welcome to another room Try Hack Me offers! So let's dive in! πŸ˜„ You can click on the "Start AttackBox" button for a Linux machine to be available on the right-side of your page, so you can follow this walkthrough.

So, you might wonder, what is OSINT? OSINT (Open Source Intelligence) refers to the process of collecting and analyzing information from publicly available sources to produce useful insights. These sources can include websites, social media, news articles, public records, forums, and more. It’s widely used in fields like cybersecurity, journalism, law enforcement, and business intelligence. The key idea is that the information is legally accessible to anyone, no hacking or privileged access involved, just systematic gathering and analysis to uncover patterns or facts.

πŸ’‘
What information can you possibly get with just one image file?

Let's find out! πŸ•΅οΈ Download the image and let the magic begin!

Windows XP OSINT Hidden Data

Let's start with the first question and learn about a new tool in the hacker's arsenal, exiftool.

πŸ’‘
What is this user's avatar of?

ExifTool on Linux is a powerful, command-line utility for reading, writing, and editing metadata in files especially images, audio, and video. Developed by Phil Harvey, it supports a wide range of formats (JPEG, PNG, TIFF, MP4, PDF, and more). On Linux systems, ExifTool is typically installed via package managers (like apt, dnf, or pacman) and used in the terminal. It can extract metadata (EXIF, IPTC, XMP), modify tags, batch-process files, and even rename files based on metadata.

You can run the tool in a Linux environment as such.

$ exiftool WindowsXP_1551719014755.jpg

ExifTool Version Number         : 13.50
File Name                       : WindowsXP_1551719014755.jpg
Directory                       : .
File Size                       : 234 kB
File Modification Date/Time     : 2026:05:06 21:43:18+03:00
File Access Date/Time           : 2026:05:06 21:43:41+03:00
File Inode Change Date/Time     : 2026:05:06 21:43:20+03:00
File Permissions                : -rw-rw-r--
File Type                       : JPEG
File Type Extension             : jpg
MIME Type                       : image/jpeg
XMP Toolkit                     : Image::ExifTool 11.27
GPS Latitude                    : 54 deg 17' 41.27" N
GPS Longitude                   : 2 deg 15' 1.33" W
Copyright                       : OWoodflint
Image Width                     : 1920
Image Height                    : 1080
Encoding Process                : Baseline DCT, Huffman coding
Bits Per Sample                 : 8
Color Components                : 3
Y Cb Cr Sub Sampling            : YCbCr4:2:0 (2 2)
Image Size                      : 1920x1080
Megapixels                      : 2.1
GPS Latitude Ref                : North
GPS Longitude Ref               : West
GPS Position                    : 54 deg 17' 41.27" N, 2 deg 15' 1.33" W

Search for any useful information that might help us to answer the question. We can see the author of the image. Let's try a quick search for their social media accounts.

Bingo! They have an account in x.com

πŸ’‘
What city is this person in?

From the social media account we can see the bssid of the user, as well a link to his personal website and Github account.

GitHub - OWoodfl1nt/people_finder: A new social network for taking photos in your home town.
A new social network for taking photos in your home town. - OWoodfl1nt/people_finder
GitHubOWoodfl1nt
Oliver Woodflint Blog
Photos you can relate to
Oliver Woodflint Blogowoodflint
πŸ’‘
What is the SSID of the WAP he connected to?

We discovered the bssid previously, so let's head out to a website that can help us with this task.

WiGLE: Wireless Network Mapping
Maps and database of 802.11 wireless networks, with statistics, submitted by wardrivers, netstumblers, and net huggers.
πŸ’‘
WiGLE.net (Wireless Geographic Logging Engine) is a crowdsourced platform that maps and catalogs wireless networks worldwide, including Wi-Fi access points, Bluetooth devices, and cellular towers. Users contribute data collected through wardriving apps and tools, which the site aggregates into a searchable geographic database used for wireless research, network security analysis, geolocation studies, and locating public hotspots. The project has operated since 2001 and also provides APIs and Android tools for collecting and visualizing wireless network data.

You need to create an account to proceed with the search, so please do. Then in the search function paste the bssid that we have found following the purple circle located in London.

πŸ’‘
What is his personal email address?

We discovered the answer in his Github account.

πŸ’‘
What site did you find his email address on?

Direct link with the previous answer.

πŸ’‘
Where has he gone on holiday?

Browsing through his WordPress website, we can found the answer.

Hey
Im in New York right now, so I will update this site right away with new photos! pennYDr0pper.!
Oliver Woodflint Blogowoodflint

Im in [redacted] right now, so I will update this site right away with new photos!

πŸ’‘
What is the person's password?

Just look the source code of the WordPress website. The answer is hidden here. πŸ˜„

Congratulations! You have solved this room! πŸŽ‰ πŸŽ‰ πŸŽ‰

Sign up for more like this.

Enter your email
Subscribe
A digital lab where security meets strategy, data meets insight, and psychology meets code.
Dive into CTFs, Cyber Security, Data Science, and the Human Mind.