TryHackMe: Geolocating Images

This room focuses on Geolocating Images. It is designed to be beginner friendly. HERE is a link to the room if you would like to follow along.

To begin with, we start out with reverse image searches. I’m already laughing at the author’s STRONG opinion of Google Image search:

“Yandex is to Google what a formula 1 racing car is to the $200 car you brought off your friend Ivan who claims the car isn’t stolen but you’ve had police tailing you all week.

It really is night and day. There is no comparison to be made. Use Yandex first, and then a hundred more times. Then after Yandex, use Bing. Then Google. I cannot stress enough how much of a joke Google reverse image search is. It should be your last resort.”

Point taken!

Moving on to Task 2 (and still trashing on Google)

Question #1 Where is image 1?

“(Use Google Reverse Search and revel in all the airplanes it shows you, which by the way, isn’t the right answer).

Try Yandex Reverse Image search. Look at the differences!”

You should have downloaded a zip file from Task 1 containing four images:

Let’s open up Image 1 and run it through YANDEX.

After a quick scroll through the results, it was simple to figure out that the sculpture is located in China:

Just for funsies though, I ran it through Google:

Hmmm…it actually didn’t do so bad? And gave me much more info about it up front without me having to look further. Interesting.

I think my final thought on the matter is, why not use both?

Task 3 is a tutorial regarding how to locate things using more context clues and a bit of investigation. Task 4 moves on to letting you put those skills into practice yourself.

Question #1: Where was image 2 taken?

“Specifically, I’m looking for the name of the place that has likely set up the webcam. You’ll know it when you see it! Please do not use reverse image searches for this!”

So we have a lot to work with here, including street names and a place called “Sports Corner”.

I Googled that and my first result was a “bar and grill across the street from a stadium”. If you look closer at the picture, the building in the background does resemble a stadium, so I think I am on the right track.

And, we can see it’s located on the corner of those two streets in the photo:

It looks like the perspective was most likely from W Addison Street.

If you turn the camera around, you can see a store called Wrigleyville Sports.

Our next Task has us looking at another image that appears to be a webcam still from Shodan.io.

Question #1 Where was image 3 taken?

“Please do not try to use reverse image searches for this one! Pay close attention to what is in the image. I want you to answer with the name of the place the webcam is facing.”

So I am guessing the instructions mean that little…observatory? At first glance, the taller structure reminds me of the Eiffel tower, but it’s quite far away. Also, I remember from being in Paris that most of the buildings were white, so that fits.

What I did was pan out for a broad view of Paris on Google maps and searched for “observatory”.

Before I got too far into that though, I did use exiftool to try and get a look at some of the details from the photo:

Seemed mostly unhelpful.

Looking at the photo, you can see the River Seine moving past the Eiffel Tower. With the direction of the river, you can orient yourself to which side of the city this was likely taken.

You can also see a bunch of bridges, to get a scope on the distance from the tower, and you can see that the river curves away from the location. I am assuming it is somewhere in this general area:

You can see that there is an Observatory here, which seems to line up perfectly with my theory. Zooming in, you can see the building in our photo on the top left:

The name here just says “Paris Observatory”, but that is not the correct answer. We are looking for the name of this specific Paris Observatory, since they are numerous through-out the city. I pasted the address of this particular one into Google and got a name.

The correct answer is Meudon Observatory.

Task 7 is similar to the last. Another webcam still that we need to geolocate.

Straight away this is giving me British vibes. Especially since they are driving on the left side of the road.

Earlier, the author mentions being able to find out countries by license plates. I hope there is a tool somewhere that can do this, because I would find it hard to memorize what every country plate looked like.

I did find a bunch of sketch looking websites that claimed they could do it, but eventually I ended up just putting the plate number straight into Google:

This does confirm it is a vehicle from the UK.

I did a bit more research on British plates and found this:

After running a scan from one of the websites that popped up earlier, I got this result:

Looks like it was registered near Stanmore:

That does narrow it down, but if it’s registered as “London Taxis International”, this pic could have been taken anywhere around London.

I was also intrigued by those interesting lamp posts. So I looked them up to see if they could narrow anything down:

It looks like they are used widespread through-out the UK to mark pedestrian crossings, so that doesn’t help.

It was at this point that I realized the question didn't specify that we were banned from using a reverse image search like the last one, so I cropped the center monument and used Yandex, which brought up a match for Westminster Commons:

This monument ended up being quite far from Stanmore. It looks like it was taken from the perspective of Abbey Road:

A short while later it hit me that this is actually a famous crosswalk, which is why all the people are here acting like tourists, and probably why there is a webcam pointed at it:

Click HERE for a live view.

Happy Hacking! ❤

--

--

CTF Writeups to facilitate cyber education.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store