TRYHACKME

Advent of Cyber 2022 [Day 3] - OSINT: Nothing escapes detective McRed

Ali AK, published in System Weakness, Dec 15, 2022 (3 min read)


Scenario: As the elves are trying to recover the compromised santagift.shop website, elf Recon McRed is trying to figure out how it was compromised in the first place. Can you help him in gathering open-source information against the website?

Day 3 Learning Objectives: OSINT

  • What is OSINT, and what techniques can extract useful information against a website or target?
  • Using dorks to find specific information on the Google search engine
  • Extracting hidden directories through the Robots.txt file
  • Domain owner information through WHOIS lookup
  • Searching data from hacked databases
  • Acquiring sensitive information from publicly available GitHub repositories

OSINT is the gathering and analysis of publicly available data for intelligence purposes. Its sources include information collected from the internet, mass media, specialist journals, research, photos, and geospatial information. The information can be accessed via the open internet (indexed by search engines), closed forums (not indexed by search engines) and even the deep and dark web. People tend to leave a lot of publicly available information on the internet, which can later be used for impersonation, identity theft, etc.

OSINT Techniques

1. Google Dorks: Google Dorking involves using specialist search terms and advanced search operators to find results that are not usually displayed using regular search terms.

2. WHOIS Lookup: The WHOIS database stores public domain information such as the registrant (domain owner) and the administrative, billing, and technical contacts in a centralized database.

3. Robots.txt: The robots.txt is a publicly accessible file for search engines to allow or disallow indexing of the website’s URLs. It provides a kind of communication mechanism between websites and search engine crawlers.

4. Breached Database Search: HaveIBeenPwned is one of the free services that lets you check whether your email address or phone number appears in a leaked database or has been exposed in any breach.

5. Searching GitHub Repos: GitHub is a renowned platform that allows developers to host their code through version control. Target repositories can expose source code, emails, access tokens, policies, etc.
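As an added example (not part of this write-up or the TryHackMe room), the check a defender would want in place before a config file like the one described here ever reaches a public repository: it pulls define() constants out of PHP config sources, flags credential-like names that hold a literal value, and reports any credential whose value is identical in the QA and PROD configs. The two config strings are constructed placeholders, not the room's repository contents.

```python
import re
from typing import Dict, List

# Constructed sample configs standing in for a QA and a PROD config.php.
QA_CONFIG = """<?php
define('DB_HOST', 'qa.example-shop.test');
define('DB_USER', 'shopqa');
define('DB_PASSWORD', 'placeholder-secret-1');
"""
PROD_CONFIG = """<?php
define('DB_HOST', 'db.example-shop.test');
define('DB_USER', 'shopprod');
define('DB_PASSWORD', 'placeholder-secret-1');
"""

# Matches PHP calls of the form define('NAME', 'value');
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")
# Constant-name fragments that indicate a credential (hypothetical list).
SENSITIVE = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")


def parse_defines(php_source: str) -> Dict[str, str]:
    """Return {CONSTANT: value} for every define() in the PHP source."""
    return {name: value for name, value in DEFINE_RE.findall(php_source)}


def hardcoded_secrets(php_source: str) -> Dict[str, str]:
    """Return only the defines whose name suggests a credential with a literal value."""
    return {k: v for k, v in parse_defines(php_source).items()
            if v and any(tag in k.upper() for tag in SENSITIVE)}


def reused_secrets(env_a: str, env_b: str) -> List[str]:
    """Names of credentials whose literal value is identical in both environments."""
    a, b = hardcoded_secrets(env_a), hardcoded_secrets(env_b)
    return sorted(k for k in a if k in b and a[k] == b[k])


if __name__ == "__main__":
    for env, src in (("QA", QA_CONFIG), ("PROD", PROD_CONFIG)):
        for name in hardcoded_secrets(src):
            print(f"[{env}] hardcoded credential in define(): {name}")
    for name in reused_secrets(QA_CONFIG, PROD_CONFIG):
        print(f"[BOTH] {name} is reused between QA and PROD")
```

Run as a pre-commit hook or CI step, a non-empty result from either function is reason to block the push and move the value into environment-specific secret storage.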

Answers to Questions

What is the name of the Registrar for the domain santagift.shop?

NAMECHEAP INC

Find the website’s source code (repository) on github.com and open the file containing sensitive credentials. Can you find the flag?

{THM_OSINT_WORKS}

What is the name of the file containing passwords?

config.php

What is the name of the QA server associated with the website?

qa.santagift.shop

What is the DB_PASSWORD that is being reused between the QA and PROD environments?

S@nta2022


WHOAMI > Security Researcher | Red Teamer | Competitive CTF Player. Learning new things every day & Helping aspiring hackers. twitter.com/LE0_Hak