
WebOsint

A walkthrough on [WebOsint](https://tryhackme.com/room/webosint) based on TryHackMe. It covers learning how to conduct basic open source intelligence research on a website.


Difficulty = Easy


Hola👋 Welcome back. Here is a walkthrough on WebOsint based on TryHackMe. It covers learning how to conduct basic open source intelligence research on a website.

What is WebOsint all about 🤔?

WebOSINT stands for “Web Open Source Intelligence.” It refers to the practice of gathering intelligence or information from publicly available online sources. This can include social media platforms, websites, forums, blogs, public databases, and any other online resources where information is openly accessible.


Task 1: When A Website Does Not Exist

The first thing we do when we are given the name of a website/business to check out is fire up the ol’ web browser, find the website, and check it out, right?

What if the website, or even the entire business, no longer exists?

That does NOT mean it’s the end of the road. So let’s begin. This OSINT challenge starts off by focusing on a domain called RepublicofKoffee.com. It should be noted that when this challenge was created, the website related to that domain did not exist. Our job is to find as much information as we can about the website RepublicofKoffee.com. Let’s get started and look for information that we can find from the website.

Q1: Click To Complete

  • Answer: No Answer Needed

Task 2: Whois Registration

Just because nothing shows up when you visit RepublicOfKoffee.com, doesn’t mean that someone doesn’t own the domain. We can confirm the current registration status with a WHOIS lookup. A ‘WHOIS’ lookup is the most basic form of domain reconnaissance available. There are multiple websites that will do it for you as well.

Q1: What is the name of the company the domain was registered with?

  • First, let’s look up the domain name using the WHOIS website.

The WHOIS tool is used to retrieve information about domain names, including registration details, the domain owner’s contact information, registration and expiration dates, name server information, and more.


  • Answer: Namecheap Inc

Q2: What phone number is listed for the registration company? (do not include country code or special characters/spaces)

  • We can gather a lot of information about the website by using the tools


  • Answer: 9854014545

Q3: What is the first nameserver listed for the site?


  • Answer: ns1.brainydns.com

Q4: What is listed for the name of the registrant?


  • Answer: redacted for privacy

Q5: What country is listed for the registrant?

  • We got the name of the country, which is ‘IS’, but that is a short code for a country. We can determine that the country is Iceland by using this website, or by researching the city Reykjavik, which is the capital of Iceland.


  • Answer: Iceland
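
The Task 2 lookups can also be done on the raw WHOIS text instead of a web form. The following is an added example, not part of the original write-up: it parses a constructed WHOIS reply and pulls out the same five fields. The field names, the sample record layout and the second name server are assumptions made for the example.

```python
import re

# Constructed WHOIS reply: values follow the answers above, the field layout
# and the second name server are placeholders, not the real record.
SAMPLE_WHOIS = """\
Domain Name: REPUBLICOFKOFFEE.COM
Registrar: Namecheap Inc
Registrar Abuse Contact Phone: +1.9854014545
Registrant Name: Redacted for Privacy
Registrant City: Reykjavik
Registrant Country: IS
Name Server: NS1.BRAINYDNS.COM
Name Server: NS2.PLACEHOLDER.INVALID
>>> Last update of WHOIS database: (constructed) <<<
"""
# Small ISO 3166-1 alpha-2 subset; extend as needed.
COUNTRY_NAMES = {"IS": "Iceland", "KR": "South Korea", "US": "United States"}

def parse_whois(text):
    """Map lower-cased field names to lists, since 'Name Server' repeats."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith((">>>", "%", "#")) or ":" not in line:
            continue  # footer, comments, free text
        key, _, value = line.partition(":")
        if value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def national_number(phone):
    """'+1.9854014545' -> '9854014545' (drop '+CC.' prefix and separators)."""
    match = re.match(r"\+\d{1,3}\.(.+)$", phone.strip())
    return re.sub(r"\D", "", match.group(1) if match else phone)

def summarize(text):
    rec = parse_whois(text)
    first = lambda key: (rec.get(key) or [""])[0]
    code = first("registrant country").upper()
    return {
        "registrar": first("registrar"),
        "phone": national_number(first("registrar abuse contact phone")),
        "nameservers": [ns.lower() for ns in rec.get("name server", [])],
        "registrant_redacted": bool(re.search(r"redacted|privacy", first("registrant name"), re.I)),
        "country": COUNTRY_NAMES.get(code, code),
    }
```

Running the same parser against the WHOIS record of a domain you own shows what a privacy service actually hides and what it leaves visible.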

Task 3: Ghosts of Websites Past

Don’t be discouraged if your initial searches on a website yield no results. That’s where Archive.org and the Internet Wayback Machine come into play.

What is Internet Wayback Machine 🚙 ?

The Wayback Machine is an online digital archive maintained by the Internet Archive. It stores snapshots of web pages taken at various points in time, allowing users to access historical versions of websites. This archive enables users to view how websites looked and what content they contained at different points in the past. It serves as a valuable resource for research, historical preservation, and accessing information that may have been removed or changed on the live web.

  • Looking at the historical information available for the site, you should be able to answer the following questions:

Q1: What is the first name of the blog’s author?

  • I entered the domain name into the Wayback Machine and found the website. It was a blogging site. I opened one of the blogs and discovered the name of the author.


  • Answer: Steve

Q2: What city and country was the author writing from?

  • By reading each and every blog, one consistent detail was the mention of the city name “Gwangju.” Upon conducting research, it was found to be located in South Korea.


  • Answer: Gwangju, South Korea

Q3: [Research] What is the name (in English) of the temple inside the National Park the author frequently visits?

  • I got one blog where the author mentioned finding himself having a meeting in Mudeungsan National Park in Gwangju. By conducting research, I found the English name.


  • Answer: Jeungsimsa Temple

Task 4: Digging into DNS

So far we’ve gathered some good info about the content that was on our target website, even though it hasn’t been live for several years. But what about technical details? That’s where ViewDNS.info comes in.

ViewDNS.info is a website offering tools and services related to DNS and domain information. It allows users to look up domain details, perform reverse IP lookups, check DNS propagation status, generate DNS reports, and conduct domain research. It’s a valuable resource for gathering domain-related information and troubleshooting DNS issues.

  • Take a look at the search options available and we can answer the question below:

Q1: What was RepublicOfKoffee.com’s IP address as of October 2016?

  • Use the IP History tool, which shows the historical IP addresses associated with a domain.


  • Answer: 173.248.188.152

Q2: Based on the other domains hosted on the same IP address, what kind of hosting service can we safely assume our target uses?


  • There are 82 domains hosted on the server.
  • The hint question helps here: What kind of hosting plan is usually used by websites on a tight budget that don’t have a lot of visitors? The answer is shared, because shared hosting is a type of web hosting service where multiple websites are hosted on a single physical server.

  • Answer: Shared

Task 5: Taking Off The Training Wheels

  • We are given a domain heat.net to use all the skills we have learned so far to answer the question 😂

Q1: What is the second nameserver listed for the domain?

  • Using the WHOIS tool, we found the second name server.


  • Answer: NS2.HEAT.NET

Q2: What IP address was the domain listed on as of December 2011?

  • Hmm… that will be IP history, right? By using the ViewDNS.info tools


  • Answer: 72.52.192.240

Q3: Based on domains that share the same IP, what kind of hosting service is the domain owner using?

  • Using the current IP, I utilized the Reverse IP Lookup tool and found that this was also likely SHARED.

  • Answer: Shared

Q4: On what date was the site first captured by the internet archive? (MM/DD/YY format)

  • Using the Wayback Machine, we can see that the domain was captured over 834 times between June 1, 1997, and March 15, 2024.


  • Answer: 06/01/97

Q5: What is the first sentence of the first body paragraph from the final capture of 2001?

  • July 6, 2001, is the last capture for 2001. Checking the snapshot, we have:


  • Answer: After years of great online gaming, it’s time to say good-bye.

Q6: Using your search engine skills, what was the name of the company that was responsible for the original version of the site?


  • Answer: SegaSoft

Q7: What does the first header on the site on the last capture of 2010 say?

  • The last capture was on December 31, 2010.


  • Answer: Heat.net – Heating and Cooling

Task 6: Taking A Peek Under The Hood Of A Website

Often, clues about a website and its creator/owner may be unintentionally left behind in the source code of the website. Pretty much every web browser has a way to view that source. By viewing the page source of a website, we can get more information about it. The following questions refer to heat.net/36/need-to-hire-a-commercial-heating-contractor/

Q1: How many internal links are in the text of the article?

  • This task is quite simple. Just go through the text and count the links. You can tell if they’re internal by hovering over them and seeing where they lead. If they take you to another page on heat.net, they’re internal links.

  • Answer: 5

Q2: How many external links are in the text of the article?

  • Answer: 1
  • The external link leads us to purchase.org


Q4: Try to find the Google Analytics code linked to the site

  • For this question, right-click anywhere on the page and select “View Page Source.”
  • Use Ctrl+F to search for ‘UA-’.


  • Answer: UA-251372-24

Q5: Is the Google Analytics code in use on another website? Yay or nay

  • You can use NerdyData to search for the Google Adsense ID.
  • Here we can see that only one website is using it:


  • Answer: nay
  • No, I searched for href and there were no affiliate links
  • Answer: nay
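
The manual steps in Task 6 (hovering over links to count internal and external ones, then searching the source for ‘UA-’) can be scripted. The following is an added example, not part of the original write-up: it runs over a constructed page source, so its link counts differ from the room’s answers. The "entry" container class and every link other than purchase.org are invented for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
PAGE_URL = "http://heat.net/36/need-to-hire-a-commercial-heating-contractor/"
# Constructed page source, not the real heat.net markup; the article links
# and the "entry" container class are invented for this example.
SAMPLE_HTML = """<html><head><script>
var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-251372-24']);
</script></head><body>
<nav><a href="/">Home</a></nav>
<div class="entry">
<p>Read the <a href="/12/furnace-basics/">furnace guide</a> and
<a href="http://www.heat.net/20/boilers/">boiler tips</a>.</p>
<p>Compare prices at <a href="http://purchase.org/">purchase.org</a>
or <a href="mailto:info@example.invalid">email us</a>.</p>
</div></body></html>"""

class ArticleLinks(HTMLParser):
    """Collect <a href> values found inside the article container only."""
    def __init__(self, container_class):
        super().__init__()
        self.container_class, self.depth, self.hrefs = container_class, 0, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        classes = (attrs.get("class") or "").split()
        if tag == "div" and (self.depth or self.container_class in classes):
            self.depth += 1  # track nesting so inner </div> does not end the article
        elif tag == "a" and self.depth and attrs.get("href"):
            self.hrefs.append(attrs["href"])

    def handle_endtag(self, tag):
        if tag == "div" and self.depth:
            self.depth -= 1

def site_key(host):
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host  # www.heat.net == heat.net

def analyze(html, page_url, container_class="entry"):
    parser = ArticleLinks(container_class)
    parser.feed(html)
    base, internal, external = site_key(urlparse(page_url).hostname), [], []
    for href in parser.hrefs:
        url = urlparse(urljoin(page_url, href))  # resolve relative links first
        if url.scheme in ("http", "https"):  # skip mailto:, tel:, javascript:
            (internal if site_key(url.hostname) == base else external).append(url.geturl())
    ga_ids = sorted(set(re.findall(r"\bUA-\d{4,10}-\d{1,4}\b", html)))
    return {"internal": internal, "external": external, "ga_ids": ga_ids}
```

Site owners can run the same check on their own pages to see which tracking IDs and outbound links tie otherwise unrelated sites together.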

Task 7: Final Exam: Connect the Dots

  • I used viewdns.info to compare the results of both the domains heat.net and purchase.org. One common finding was that the owner of both companies was Liquid Web, L.L.C.


  • Answer: Liquid Web, L.L.C

Task 8: Debriefing

  • Answer: No Answer Needed

Task 9: Wrap-up

  • Answer: No Answer Needed

And we are done 👋! That’s all, friends. Thank you for reading up to this point. I would like to hear your feedback on anything not clear here. Here is my Twitter account @T3chnocr4t. Feel free to DM me if you have any issues with my write-up. Thanks!


This post is licensed under CC BY 4.0 by the author.