# OhSINT ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbMASPDiql4wbJTgJ5q%2F-MbNN2XbRYo3a9D6IsAv%2Fimage.png?alt=media\&token=430502f5-fa36-4bb3-85c4-7fc5ae085cfd) Lets look at the image they gave us to download ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNN9yOUBMsMZ7A1pAM%2F-MbNNd_Ob1dw00bcqtgW%2Fimage.png?alt=media\&token=7d4109ff-c89b-4017-8f8e-d79d056c4541) Its a WindowsXP Image. Lets use the tool called `exiftool` to find information on the image. ``` exiftool WindowsXP.jpg ``` ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNN9yOUBMsMZ7A1pAM%2F-MbNOE1CB7mEHVJ9Ykzo%2Fimage.png?alt=media\&token=8682b741-6523-4274-bad6-bda2d5a01f49) Looking through this, the image is copyrighted by a person called `OWoodflint`, lets search them up on Google. ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNN9yOUBMsMZ7A1pAM%2F-MbNO_ommDvrdgh7PJzr%2Fimage.png?alt=media\&token=78527d59-a9c5-4723-a5ee-77ab3ed51683) Looks like they have a blog, `twitter` account and a `gitbhub` account, lets check each one of them starting with the blog. ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNN9yOUBMsMZ7A1pAM%2F-MbNOqLyYUHfCQpt37PT%2Fimage.png?alt=media\&token=5ab07df8-1d82-4b7d-b7d8-2ce4163b55cb) Nothing of interest yet, lets check the source code. Looking through the source code, we find something interesting. ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNN9yOUBMsMZ7A1pAM%2F-MbNPE9A31UesH_wDjWp%2Fimage.png?alt=media\&token=ed47178b-6fc8-427b-9f39-b905eba9e89c) There seems to be nothing more of interest, lets go to the twitter page. ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNN9yOUBMsMZ7A1pAM%2F-MbNPfoLMCD063H8V0k9%2Fimage.png?alt=media\&token=9a3ec94f-f4bc-4a0e-89da-d747121bd1bd) The profile picture is that of a cat, so we can answer the first question. ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNN9yOUBMsMZ7A1pAM%2F-MbNPwHfG5zoJ-3ebrzf%2Fimage.png?alt=media\&token=6917da2e-2d79-488e-a603-3d0c7654eec5) In one of his tweets he tweeted his BSSID for a Wifi point near where he lives. We can use wigle.com to get more information about his location. ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNN9yOUBMsMZ7A1pAM%2F-MbNRSCdrIxBU6M6B15v%2Fimage.png?alt=media\&token=d020b658-3570-41e7-9c78-d88e33ece58c) We see that the location is `London`, which is the answer to the second question. ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNN9yOUBMsMZ7A1pAM%2F-MbNReUDXp7zhnV5pJnJ%2Fimage.png?alt=media\&token=e074393d-0609-4af6-9569-b89f5c30bbce) To get the SSID , you have to keep zooming into the map. ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNRfHZ3Jzj9WfSFWGZ%2F-MbNRqeQZ0NotyJPMgHN%2Fimage.png?alt=media\&token=83894424-b5ec-4dde-94db-ba6c94db8db9) The answer is `UnileverWiFi` ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNRfHZ3Jzj9WfSFWGZ%2F-MbNRzX9DdKvxdxMLL6y%2Fimage.png?alt=media\&token=8faff395-e250-480c-a1f6-08c562206431) We can find his email on his `github` page. ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNRfHZ3Jzj9WfSFWGZ%2F-MbNSCZVmq2PjMt3YxtX%2Fimage.png?alt=media\&token=fd8ff501-ad3d-4b90-b44c-a0502937ac4a) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNRfHZ3Jzj9WfSFWGZ%2F-MbNSJfa-PBN2emHYhxk%2Fimage.png?alt=media\&token=a74366da-cf6d-421d-acc8-d45a59782e4c) The answer to where he was right now, or where he has gone to a holiday, we can find the answer on the blog post. ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNSKiLUTTjXv35YX0h%2F-MbNSfwnYJ9Ypuv19-c5%2Fimage.png?alt=media\&token=afd0d8f1-3b1a-46eb-a5a6-b00cd99ee9e1) ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNSKiLUTTjXv35YX0h%2F-MbNSkQhFLTL1gRf0svh%2Fimage.png?alt=media\&token=acf95194-20a6-4561-90cb-64fee7286b59) For the last question which is the password, we found it in the start of the room which is `pennYDr0pper.!` ![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MbNSKiLUTTjXv35YX0h%2F-MbNT4b69EivWRb9NhBU%2Fimage.png?alt=media\&token=1a23b027-b0e0-4a89-a528-c46dd42b999b)