[Easy] OSINT Challenges Writeup: Hack The Box

Vinayak Agrawal
Oct 7, 2021

Hello everyone… If you guys also find OSINT fun and challenging, then have a look at OSINT challenges by HackTheBox.

As of today, there are 8 free active OSINT Challenges available on HTB, categorized into Easy and Medium.

Link:- https://www.hackthebox.eu/home/challenges/OSINT
My Profile:-
https://www.hackthebox.eu/home/users/profile/396919

So, Let’s Begin

Easy Phish

“Customers of secure-startup.com have been receiving some very convincing phishing emails, can you figure out why? ”

Okay, we have a domain “secure-startup.com” whose customers are receiving phishing emails. So let’s start by looking at its SPF record. You can use this site to check.
https://mxtoolbox.com/NetworkTools.aspx

Cool, looks like we got the first part of the flag.
HTB{RIP_SPF_Always_2nd

RIP SPF. Let’s check DMARC (Domain-based Message Authentication, Reporting, and Conformance) Record. You can use the same tool to check the DMARC record.

Got our flag…

HTB{RIP_SPF_Always_2nd_F1ddl3_2_DMARC}
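
The two record checks described above, as an added example that is not part of the original writeup: it audits SPF TXT strings (published at the domain) and DMARC TXT strings (published at `_dmarc.<domain>`) for the weak settings that let spoofed mail reach inboxes. The record values are constructed samples, not the challenge domain's DNS data, and the function names are illustrative.

```python
# Added example: audit SPF and DMARC TXT strings for settings that let spoofed
# mail through. Every record below is a constructed sample, not real DNS data.
SPF_ALL = {"+": "+all: every sender passes SPF",
           "?": "?all: neutral result, unauthorized senders are not failed",
           "~": "~all: softfail only, rejection depends on DMARC"}

def audit_spf(txt_records):
    """Findings for the SPF record among the TXT strings at the domain."""
    spf = [r.lower().split() for r in txt_records
           if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record: no sender is authorized or denied"]
    if len(spf) > 1:
        return ["multiple SPF records: evaluation ends in a permanent error"]
    terms = spf[0][1:]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy lives in another record, audit that one
        return ["no 'all' mechanism: unmatched senders get a neutral result"]
    # Evaluation stops at the first 'all'; a bare 'all' means '+all'.
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"
    return [SPF_ALL[qualifier]] if qualifier in SPF_ALL else []

def audit_dmarc(txt_records):
    """Findings for the DMARC record among the TXT strings at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return ["no DMARC record: SPF/DKIM failures carry no domain policy"]
    tags = {}
    for part in recs[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    findings = []
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag: record is not enforceable")
    elif policy == "none":
        findings.append("p=none: monitor only, failing mail is still delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only part of failing mail")
    return findings

if __name__ == "__main__":
    weak = audit_spf(["v=spf1 a mx ?all"]) + audit_dmarc(["v=DMARC1; p=none"])
    strict = audit_spf(["v=spf1 mx -all"]) + audit_dmarc(["v=DMARC1; p=reject"])
    print("weak:", weak)
    print("strict:", strict)
```

An empty findings list for both records means unauthorized senders fail SPF and receivers are told to quarantine or reject that mail.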

Money Flowz

“Frank Vitalik is a hustler, can you figure out where the money flows?”

Here, we have the name “Frank Vitalik”. Great, let's search for sites with this name; maybe we will find something on Twitter, Reddit, etc.

This looks interesting, it talks about scams, giveaways, cryptocurrency, and the description of the challenge also talks about money. Let’s check this out.

The author has posted a link. Notice “htb” written in the link. Let’s follow the link.

Now we have an Ethereum address on the Ropsten network. Ethereum is public, so we can check the activity of a given address on a block explorer, ropsten.etherscan.io.

There are 123 transaction records, both incoming and outgoing. Let’s start with the oldest transactions and check the outgoing ones.

Input data is returned in HEX format. Click on “View Input As” and select UTF-8.
Congrats!!! You Got the Flag

HTB{CryPt0Curr3ncy_1s_FuNz!!}

ID Exposed

“We are looking for Sara Medson Cruz’s last location, where she left a message. We need to find out what this message is! We only have her email: saramedsoncruz@gmail.com”

We have an email here “saramedsoncruz@gmail.com”. Let’s do an email lookup on the given email.

Here we can see the Google ID assigned to the email. From a Google ID you can look up various things. Check this article.
https://medium.com/week-in-osint/getting-a-grasp-on-googleids-77a8ab707e43

Now we have to find the last location of Sara Medson Cruz, so we can take a look at the contributions to Google Maps made by this Google ID.

https://www.google.com/maps/contrib/117395327982835488254

Yay!!! Got the flag and that’s a wrap to free and active Easy OSINT Challenges.

HTB {i_W4S_D_I_S_c_O_v_3_R_3_D}

— — — — — — — — — — — — — — — — — — — — — — — — — — —

Thanks For Reading. I will come up with Medium level OSINT challenges Writeup soon. Keep Learning

My socials
LinkedIn:-
https://www.linkedin.com/in/vinayak-agrawal-2aa5a61ab/
Twitter:-
https://twitter.com/Dr_Anonymous95
