Are you able to use open source intelligence to solve this challenge?
The challenge provides an image to be downloaded. Opening the image in an image viewer does not reveal anything special.
A quick to-do when exploring images is to check for its metadata.
Image metadata is text information related to an image file that is usually attached to the file.
It includes details relevant to the image.
This attached information can be EXIF files, IPTC files, 8BIM files or ICC files.
EXIF files hold dozens of details that can be valuable to an OSINT investigator. It can have information such as:
when the picture was taken, where it was taken, the shutter speed, the owner of the image,...
Simply, the EXIF data can be observed by checking out the Properties of the Image and navigating to the Details Panel.
This provides trivial information but does not paint the complete picture.
More can be dug up using ExifTool.
Exiftool is a powerful command-line application for reading,
writing and editing meta information in a wide variety of files.
Let's observe the image with ExifTool.
Aha! It is clear that someone holds the copyright on this image, OWoodflint. It hints to be a username.
The next step is to find if there is any information on the internet about "OWoodflint". Investigation continues!
Search "OWoodflint" on google or any search engine and try to gather meaningful data.
3 leads have been discovered connected to this username.
The Twitter account reveals the answer to the 1st question of the challenge. The user's avatar is a cat.
Other information has extracted from exif is GPS location, we can search on the map 54° 17' 41.27" N, 2° 15' 1.33" W
I don't see any information for the question, but it could be useful information in real practice
He shared a story about a free wifi on Twitter
BSSID is an unique address given to a Wireless Access Point (WAP) to recognize it.
It is similar to a MAC address on a PC.
Lucky for us, there are websites for collecting information about the different wireless hotspots around the world.
These hotspots can be identified using SSID, GPS coordinates and BSSID.
To use wigle.net, an account should be created.
Searching for OWoodflint's BSSID points us to the user's location which is London. Another question solved!
SSID is a customizable name given to a WAP. The SSID of OWoodflint's WiFi as UnileverWiFi.
It's time to explore the other search results. On his Github repo, we can found his email he left.
The next task is to find out this user's holiday location. Conveniently, the user has disclosed this in their blog.
I hope they had a great experience in New York.
The final task is to find OWoodflint's password. It is a bit trickier.
After going through the pages, again and again, searching endlessly for the password, it was placed in a basic location.
He hid it with white color right on his blog page.
I think... to the user's defense,it qualifies as a good password but sadly placed at the wrong location.
Seriously, OWoodflint, use a password manager!
finally... thanks to tryhackme for giving such a great room about osint