TryHackMe — Advent of Cyber 2 — Day 14

Trent Darrow
Dec 19, 2020

Good morning everyone,

Today’s task is related to OSINT from TheCyberMentor. This will be an interesting task for me as I haven’t done a ton of OSINT. Anyhow, let’s begin.

Task 1:

While hunting and searching for any hints or clues
Santa uncovers some details and shares the news
Rudolph loved to use Reddit and browsed aplenty
His username was 'IGuidetheClaus2020'

I’m going to begin with a search on sherlock for that username and see what else pops up.

We got around 10 hits on sherlock, most of which didn’t have any validity to them (false positives). Using the Reddit account, we can answer the first 5 questions. I’ll let you do a little search around on Reddit as the first few questions are easy to answer.

To find the Twitter handle, don’t overthink it. Maybe just try searching for it inside Twitter… But beware, it appears there is a troll in the midst. Someone made another closely related Twitter account that won’t work for the answers.

For Question 3: Rudolph mentions Robert. Can you use Google to tell me Robert’s last name? Don’t overthink it, like I did. A simple search will do.

For the next few questions, we are using the new Twitter account to answer them.

Next Question: Based on Rudolph’s post history, he took part in a parade. Where did the parade take place?

Let’s try a reverse image search on both of the photos posted. Worked right away.

In another post, he uploaded a better version of the photo. Let’s try and use the exif tool to see what is left behind on the photo data.

We have location data still on there and a flag. I had to change the format of the GPS data to finish the question. If you use the hint, it will show you the format you need.
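The format change mentioned above, as an added example that is not part of the original post: exiftool prints GPS tags as degrees, minutes and seconds, while map searches usually want signed decimal degrees. The sample output is constructed (it is not the challenge image's data), and the function names are hypothetical.

```python
import re

# exiftool's default GPS rendering looks like: 12 deg 30' 36.00" N
DMS_RE = re.compile(
    r"""(\d+(?:\.\d+)?)\s*deg\s*(\d+(?:\.\d+)?)'\s*(\d+(?:\.\d+)?)"\s*([NSEW])"""
)

# Constructed sample of exiftool text output (not taken from the challenge).
SAMPLE = '''File Name                       : example.jpg
Create Date                     : 2020:01:01 10:00:00
GPS Latitude                    : 12 deg 30' 36.00" N
GPS Longitude                   : 45 deg 15' 18.00" W
GPS Position                    : 12 deg 30' 36.00" N, 45 deg 15' 18.00" W
'''


def dms_to_decimal(text):
    """Convert one DMS coordinate string to signed decimal degrees."""
    m = DMS_RE.search(text)
    if m is None:
        raise ValueError(f"not a DMS coordinate: {text!r}")
    deg, minutes, sec = (float(g) for g in m.groups()[:3])
    ref = m.group(4)
    if minutes >= 60 or sec >= 60:
        raise ValueError(f"minutes/seconds out of range: {text!r}")
    value = deg + minutes / 60 + sec / 3600
    if value > (90 if ref in "NS" else 180):
        raise ValueError(f"coordinate out of range: {text!r}")
    # South and West are negative in decimal notation.
    return -value if ref in "SW" else value


def gps_from_exiftool(output):
    """Return (lat, lon) in decimal degrees, or None if no GPS tags remain."""
    coords = {}
    for line in output.splitlines():
        tag, _, value = line.partition(":")
        tag = tag.strip()
        if tag in ("GPS Latitude", "GPS Longitude"):
            coords[tag] = round(dms_to_decimal(value), 6)
    if len(coords) != 2:
        return None
    return coords["GPS Latitude"], coords["GPS Longitude"]


if __name__ == "__main__":
    print(gps_from_exiftool(SAMPLE))
```

A `None` result means the image carries no GPS latitude/longitude tags, which is what you want to see when checking your own photos before posting them.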

Next Question: Has Rudolph been pwned? What password of his appeared in a breach?

We can utilize the resources in https://haveibeenpwned.com/ and https://scylla.sh/api to check the breaches he has been in and if the password has been hashed out. With those two we can answer a few more questions.

For the final question: Based on all the information gathered. It’s likely that Rudolph is in the Windy City and is staying in a hotel on Magnificent Mile. What are the street numbers of the hotel address?

We can use the EXIF location data with Google Maps and take a look at nearby hotels. And that about wraps it up for this challenge. I enjoyed this; it was not in my ballpark, so it was fun.

As always, best of luck. If you enjoy my content, feel free to add me on LinkedIn and let me know you saw the blog.

Until next time,

-3lduderino
