TryHackMe: Advent of Cyber [Day 5] Ho-Ho-Hosint

Room: Advent of Cyber

Difficulty: Beginner

“Elf Lola is an elf-of-interest. Has she been helping the Christmas Monster? lets use all available data to find more information about her! We must protect The Best Festival Company!”

This challenge focuses on using Open Source Intelligence Techniques to try and find out more about Elf Lola. We are going to be referencing the OSINT Framework, found HERE. It is a good idea to bookmark this resource.

Question #1 What is Lola’s date of birth? Format: Month Date, Year (e.g November 12, 2019)

For this flag, we can simply type Elf Lola into Google. Her Twitter page is one of the first things that comes up.

Her date of birth is clearly available.

You can also see she has a link to her personal blog. Let’s open that in a new tab, since it might be useful for later.

But…let’s pretend looking her up by name didn’t work. An alternative technique would have been to use exiftool on the Grinch photo we downloaded from the question.

Exiftool is used to extract metadata from images. This is text data that is stored in the photo when you take a picture, such as the camera specs that were used, and possibly even info about who took the picture.

If you need to install it on Kali, the command is:

sudo apt install libimage-exiftool-perl

To run exiftool:

exiftool <filepath>

These are the results I got when I ran the photo through:

After this, we could have searched for “JLolax1” using Google, which would have led us right to that same Twitter page.

Another alternative is to use Windows to extract some of this same data. Download the file, right-click, and then choose properties. Under the Details tab we see this:

It’s good to have many options.

Question #2 What is Lola's current occupation?

This next question is pretty easy after you gain access to her public Twitter page. Lola clearly lists her current occupation.

Question #3 What phone does Lola make?

Another easy one. Simply check Lola’s tweets. She is excited about being able to make a certain type of phone, and then sends a Tweet from it.

So far painless, right? Lola is not making this difficult.

Question #4 What date did Lola first start her photography?

For this question, you can utilize the OSINT Framework to find a possible strategy, or recall that the resources attached to the question referenced the Wayback Machine, found HERE.

OSINT path: Archives > Web > Internet Archive: Wayback Machine

If you paste Lola’s website address into Wayback’s search bar, it will return some historical data. We can see when Lola started being active on her website:

Let’s click on October 23, 2019 to see her very first update.

Looks like she is having an anniversary celebration to celebrate her photography career! With this info, we can do some math and find out the flag for Question #4.

Question #5 What famous woman does Lola have on her web page?

For this flag we will download the image (right-click and save it) from Lola’s webpage and then do a reverse image search with Google.

And this is the result we will find:

I hope you saw how easy it was to use basic Open Source Intelligence Techniques to discover a large amount of info about someone in a short amount of time. Did you notice that Lola even had her physical address listed on her website?

Happy Hacking! ❤




CTF Writeups to facilitate cyber education.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

CoinWind Platform Token ($COW) Public Sale Will Start on May 25th, and Whitelist is Open Now!

RocketPad’s IDO Model

{UPDATE} Prison Life Survival fighter - Juegos de lucha gra Hack Free Resources Generator

How to get My first Ether address using MetaMask wallet.

{UPDATE} Premii Fara Numar Hack Free Resources Generator

How crypto communities can stay more safe from phishing attacks on Slack — Beta release #2

Don’t Get Scammed by Scareware! Here’s How to Stay Safe

InfoSecSherpa’s News Round Up for Tuesday, December 14, 2021

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


CTF Writeups to facilitate cyber education.

More from Medium

ToolsRus CTF — Writeup

Evade Windows Defender reverse shell detection with Powercat

Hack the Box: Active Write-Up

TryHackMe — Jeff