[TryHackMe] OhSINT Writeup - Collect a lot of information from one image.

OhSINT stands for "open source intelligence," and is a method of obtaining new information by comparing and analyzing legally available information.
For example, identifying addresses from images on social media and identifying schools are also types of OhSINT.

This time, we will be taking on the TryHackMe Room, based on OhSINT.
"TryHackMe-OhSINT: https://tryhackme.com/room/ohsint "

Please note that the explanation is spoilers.

TryHackMe

OhSINT Are you able to use open source intelligence to solve this challenge?

Recommended reference books

How to create a hacking lab: Learning experiences from hackers in virtual environments

Author: IPUSIRON

¥2,090 (As of 15:33 on 2025/07/13 | Amazon research)

See reviews

Amazon

＼Rakuten Points Sale! /

Rakuten Market

＼5% points back! /

Yahoo Shopping

Pochip

Hacker's School

Author: IPUSIRON

¥3,850 (As of 21:11 on 07/08/2025 | Amazon research)

See reviews

Amazon

＼Rakuten Points Sale! /

Rakuten Market

＼5% points back! /

Yahoo Shopping

Pochip

Cybersecurity Programming, 2nd Edition - Learning Hackers' Thoughts with Python

Author: Justin Seitz, Author: Tim Arnold, Supervised by: Mantani Nobutaka, Translation: Arai Yu, Translation: Kakara Hirosei, Translation: Murakami Ryo

¥3,520 (As of 12:26 on 07/09/2025 | Amazon research)

See reviews

Amazon

＼Rakuten Points Sale! /

Rakuten Market

＼5% points back! /

Yahoo Shopping

Pochip

Learning systematically how to create a secure web application, 2nd edition [Reflow edition] Principles that create vulnerabilities and practices of countermeasures

Author: Tokumaru Hiroshi

¥3,520 (As of 00:44 on 2025/07/12 | Amazon research)

See reviews

Amazon

＼Rakuten Points Sale! /

Rakuten Market

＼5% points back! /

Yahoo Shopping

Pochip

What information can you get from just one photo?

The subject of this article is, "What kind of information can we obtain from just one photo?"
First, select "Download Task Files" below to download the image.

You can download images of the grasslands. This image doesn't seem to have much information. . .
From here on, let's look into various images.

What is this users avatar of?

The first question is "What is this users avatar of?".
There's too little information on images alone.

For now, I'll look at the image metadata.
Let's use ExifTool to check it out.

ExifTool is the ultimate tool for checking metadata such as images.
If you haven't installed it, please install it.

Try running the following command:

exiftool WindowsXP.jpg

The metadata looks like this:
The only information that might be relevant to users is "Copyright: OWoodflint."

ExifTool Version Number: 12.54 File Name: WindowsXP.jpg Directory: . File Size: 234 kB File Modification Date/Time: 2023:01:22 20:26:05+09:00 File Access Date/Time: 2023:01:22 20:26:26+09:00 File Inode Change Date/Time: 2023:01:22 20:36:54+09:00 File Permissions: -rw-r--r-- File Type: JPEG File Type Extension : jpg MIME Type : image/jpeg XMP Toolkit : Image::ExifTool 11.27 GPS Latitude : 54 deg 17' 41.27" N GPS Longitude : 2 deg 15' 1.33" W Copyright : OWoodflint Image Width : 1920 Image Height : 1080 Encoding Process : Baseline DCT, Huffman coding Bits Per Sample : 8 Color Components : 3 Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2) Image Size: 1920x1080 Megapixels: 2.1 GPS Latitude Ref: North GPS Longitude Ref: West GPS Position: 54 deg 17' 41.27" N, 2 deg 15' 1.33" W

I'm not sure about "OWoodflint", so let's search.
I feel like the answer is here. I think the three social media sites were found.

The first Twitter .

The second WordPress .

Finally, the third one is GitHub

The question this time was supposed to be "What is this user's avatar?", so the answer is "cat," a Twitter avatar.

It was a success without a doubt.

What city is this person in?

The next question is, "What city is this person in?".

Have you noticed that on GitHub you just looked up, there was a comment like this:

Hi all, I am from London, I like taking photos and open source projects .

https://github.com/OWoodfl1nt/people_finder

As stated, it is clear that this person lives in London.

That was the right answer in London!

Whats the SSID of the WAP he connected to?

The third question is "Whats the SSID of the WAP he connected to?".

*WAP: Wireless Access Point

Have you noticed that the following tweet was found on Twitter that you just found?

From my house I can get free wifi ;D Bssid:

B4:5D:50:AA:86:41 – Go nuts!
(From my house, I can get free wifi;D Bssid:B4:5D:50:AA:86:41 – I'm cumming!)

https://twitter.com/OWoodflint/status/1102220421091463168

You can see the Bssid from the above, and we know that you live in London earlier, so try using wigle.net ( https://wigle.net/ ) to identify your SSID.

It came out easily. It's "Unilever Wifi".

This was also correct!

What is his personal email address?

The fourth question is "What is his personal email address?"

The answer is also available on GitHub, which I found in the first question.
The following Gmail is here.

Project starting soon! Email me if you want to help out: OWoodflint@gmail.com

https://github.com/OWoodfl1nt/people_finder

That was the right answer!

What site did you find his email address on?

The fifth question is, "What site did you find his email address on??"

The email address above is GitHub, so answer it as GitHub.

This is the correct answer without any difficulty.

Where has he gone on holiday?

The sixth question is "Where has he gone on holiday?"

Remember what WordPress is about.

so
I will update this site right away with new photos!

https://oliverwoodflint.wordpress.com/author/owoodflint/

From this information, you can see that I went to New York on my day off.

This was also fine and the answer was correct!

What is this persons password?

The final question is "What is this persons password?".
I didn't understand this, so I Googled it.

Reference site

Tri Wanda Septian: https://twseptian.github.io/tryhackme/thm-ohsint/

twseptian's website

TryHackMe – OhSINT Are you able to use open-source intelligence to solve this challenge?

Where it is located is in WordPress source.

When you select all articles, the string "pennYDropper.!" will appear.
Honestly, I didn't know why this was a password. (I've seen a lot of articles, but I don't really understand...)

For now, enter the answer.
That's OK, okay.

Although it is a bit off the point from OhSINT, it seems like a tricky thing to do. .

summary

I've written an explanation of OhSINT.
The content is for beginners, but it was often difficult. . .

It's because social media is developing that I also feel that I need to be careful about OhSINT and post.
Everyone, be careful and have a fun social media life! !