OSINTDojo Sakura - TryHackMe Room
For my samurai badge, I decided to write about Sakura and the steps that I took to solve the challenge from OSINT Dojo.
Are you ready to begin?
answer: Let's Go!
What username does the attacker go by?
In this task I opened the following URL: https://raw.githubusercontent.com/OsintDojo/OsintDojo.github.io/d846483eb41dd4fdb6d00ac84ecdb4a66be6a191/TryHackMe/Sakura/sakurapwnedletter.svg
I then looked at the source code at view-source:https://raw.githubusercontent.com/OsintDojo/OsintDojo.github.io/d846483eb41dd4fdb6d00ac84ecdb4a66be6a191/TryHackMe/Sakura/sakurapwnedletter.svg and found the following path containing the hacker's username: inkscape:export-filename="/home/SakuraSnowAngelAiko/Desktop/pwnedletter.png"
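The same kind of leak can be checked for in your own SVG files before publishing them. The following is an added example, not part of the original write-up or the OSINT Dojo material: it lists Inkscape/Sodipodi attributes that carry local paths, extracts the account name from a home-directory path, and strips those attributes. The sample SVG and the account name exampleuser are constructed.

```python
import re
import xml.etree.ElementTree as ET

INKSCAPE_NS = "http://www.inkscape.org/namespaces/inkscape"
SODIPODI_NS = "http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
for prefix, uri in (("", "http://www.w3.org/2000/svg"),
                    ("inkscape", INKSCAPE_NS), ("sodipodi", SODIPODI_NS)):
    ET.register_namespace(prefix, uri)  # keep readable prefixes when re-serializing

# Inkscape/Sodipodi attributes that can record local filesystem paths.
PATH_ATTRS = {
    f"{{{INKSCAPE_NS}}}export-filename",
    f"{{{SODIPODI_NS}}}docname",
    f"{{{SODIPODI_NS}}}absref",
}
# Home-directory prefixes on Linux, macOS and Windows; group 1 is the account name.
HOME_RE = re.compile(r"(?:/home/|/Users/|[A-Za-z]:\\Users\\)([^/\\]+)")

# Constructed sample, not the file from the room.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
 xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
 xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
 sodipodi:docname="letter.svg"
 inkscape:export-filename="/home/exampleuser/Desktop/letter.png">
 <g inkscape:label="Layer 1"><rect width="10" height="10"/></g>
</svg>"""

def find_path_leaks(svg_text):
    """Return (attribute, value, username_or_None) for each path-bearing attribute."""
    leaks = []
    # ElementTree is fine for files you authored; use defusedxml for untrusted XML.
    for elem in ET.fromstring(svg_text).iter():
        for attr, value in elem.attrib.items():
            if attr in PATH_ATTRS:
                match = HOME_RE.search(value)
                leaks.append((attr.split("}")[1], value,
                              match.group(1) if match else None))
    return leaks

def scrub(svg_text):
    """Return the SVG with every path-bearing attribute removed."""
    root = ET.fromstring(svg_text)
    for elem in root.iter():
        for attr in [a for a in elem.attrib if a in PATH_ATTRS]:
            del elem.attrib[attr]
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    for name, value, user in find_path_leaks(SAMPLE_SVG):
        print(f"{name}: {value!r} (account: {user})")
```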
What is the full email address used by the attacker?
Using the username found previously, SakuraSnowAngelAiko, I ran a username correlation using https://whatsmyname.app/ and found the hacker's GitHub profile.
Then I opened the GitHub profile https://github.com/SakuraSnowAngelAiko and opened the PGP repository https://github.com/sakurasnowangelaiko/PGP
Then I imported the PGP key into Mailvelope and was able to see the hacker's email.
What is the attacker's full real name?
Also using the username found previously, I was able to locate via Google a LinkedIn profile of the hacker, https://www.linkedin.com/in/sakurasnowangelaiko/?originalSubdomain=jp, and was able to get their full name.
answer: Aiko Abe
What cryptocurrency does the attacker own a cryptocurrency wallet for?
I looked into the GitHub profile that we found previously and found a repository named ETH, which means Ethereum.
What is the attacker's cryptocurrency wallet address?
In the same GitHub profile that we found previously, in the same ETH repository, I looked at the history of the files and noticed the wallet address:
What mining pool did the attacker receive payments from on January 23, 2021 UTC?
Using the same URL mentioned above, https://github.com/sakurasnowangelaiko/ETH/commit/5d83f7bb37c2048bb5b9eb29bb95ec1603c40135#diff-ed62f5e8bb5f88d470bd6a8aa3cf3c18ad1be17b29153b4896f45e7e57cfb5da
we can see the mining pool that the hacker used.
What other cryptocurrency did the attacker exchange with using their cryptocurrency wallet?
In this section I purely guessed it, since I'm not really experienced in crypto OSINT; I ended up searching for some cryptocurrencies on Google and found the currency.
What is the attacker's current Twitter handle?
In this section we are given an image containing the username @AikoAbe3, so I decided to search Twitter for that username and came across her profile https://twitter.com/SakuraLoverAiko
What is the URL for the location where the attacker saved their WiFi SSIDs and passwords?
In this section I used the hint tab because I didn't want to go to the dark net, so I opened the URL that was in the hint, https://ibb.co/1rHfgVb, and saw another URL for an .onion website.
The location of the saved WiFi SSIDs and passwords is http://depastedihrn3jtw.onion/show.php?md5=0a5c6e136a98a60b8a21643ce8c15a74, based on the image and also the md5 result that is mentioned on the website.
What is the BSSID for the attacker's Home WiFi?
From the information collected in the question above, http://depastedihrn3jtw.onion/show.php?md5=0a5c6e136a98a60b8a21643ce8c15a74, we can see an SSID named DK1F-G, which is the hacker's home WiFi.
I took that information, DK1F-G, and used WiGLE to find their MAC address.
What airport is closest to the location the attacker shared a photo from prior to getting on their flight?
From the Twitter profile that I had found, I found this picture https://twitter.com/SakuraLoverAiko/status/1353471045148110848, reverse image searched the buildings around it, and looked for the nearest airport.
What airport did the attacker have their last layover in?
On Twitter the attacker said that this picture was her last layover, https://twitter.com/SakuraLoverAiko/status/1353717763097899010/photo/1, so I decided to run a reverse image search and look for the airport.
What lake can be seen in the map shared by the attacker as they were on their final flight home?
From the Twitter profile we have a picture of a lake in this post, https://twitter.com/SakuraLoverAiko/status/1353733617487241217/photo/1; I ran a reverse image search, looked on Google for a lake near this location, and found it.
answer: Lake Inawashiro
What city does the attacker likely consider "home"?
This was funny: I found this answer in the URL with the attacker's SSIDs and passwords, where it says City Free Wifi.