Introduction

This writeup covers the OSINT Sakura Room from TryHackMe.

The room was made with OSINT Dojo, an OSINT security website.

Tip-off

So, let’s begin. We are asked for the username of the attacker, and we are given a link to a picture.

If you look closely, it is a GitHub link. So, let’s inspect the page source.

Answer : SakuraSnowAngelAiko

Reconnaissance

Okay, so the first thing to do is a Google search with the username we got.

That turns up a GitHub account.

After browsing the repositories, we find a PGP key.

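You can copy it, and after a quick look on Google you will find tools that decode PGP public keys. No decryption is involved: the User ID in a public key, including the email address, is stored as readable text.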

Answer : SakuraSnowAngel83@protonmail.com
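
An added illustration, not part of the original writeup or the room: a minimal Python parser that de-armors a PGP public key block and reads its User ID packets (tag 13), which is all the online decoders do to show the email. The sample key block, its placeholder checksum and the address user@example.com are constructed, and the function names are this example's own.

```python
import base64
import re

def dearmor(armored: str) -> bytes:
    """Return the binary packets inside an ASCII-armored block (CRC not verified)."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    start = lines.index("") + 1 if "" in lines else 1   # skip armor headers
    body = "".join(ln for ln in lines[start:-1] if not ln.startswith("="))
    return base64.b64decode(body)

def packets(data: bytes):
    """Yield (tag, body) for each OpenPGP packet, old and new header formats."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype                   # length field is 1, 2 or 4 bytes
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, data[i:i + length]
        i += length

def user_ids(armored: str) -> list:
    """User ID packets (tag 13) hold plain UTF-8 text, readable by anyone."""
    return [b.decode("utf-8", "replace") for t, b in packets(dearmor(armored)) if t == 13]

def emails(armored: str) -> list:
    return [m for uid in user_ids(armored) for m in re.findall(r"<([^<>\s]+@[^<>\s]+)>", uid)]

def sample_armored() -> str:
    """Constructed block: dummy key packet (tag 6) plus one User ID; not a real key."""
    uid = b"Constructed User <user@example.com>"
    raw = bytes([0x98, 4]) + b"\x04\x00\x00\x00" + bytes([0xCD, len(uid)]) + uid
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n{b64}\n=AAAA\n-----END PGP PUBLIC KEY BLOCK-----\n"
```

On a real key, `gpg --list-packets` shows the same User ID packet.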

After another search on Google, we found the user’s real name thanks to two social media profiles: LinkedIn and Twitter.

Answer : Aiko Abe

Unveil

Okay, so now we come back to the GitHub repositories and browse them again.

We find an ETH repo, and if you click on the history button, you get the answer for the attacker’s cryptocurrency wallet address.

We also learn which mining pool is used. Google it and you will find its website, where you can copy/paste the wallet address.

Answers :

 - Ethereum

 - 0xa102397dbeeBeFD8cD2F73A89122fCdB53abB6ef

 - Ethermine

 - Tether

Taunt

As said earlier, we found two social media profiles, including Twitter. So go to the user’s profile (@AikoAbe3).

Okay, to be honest, this one took me a little longer to find. In one tweet, the user had two words in upper case: DEEP and PASTE.

So, I finally googled it and found that it was an onion website. So, open Tor and paste the URL for the DeepPaste website.

Then, you can search for the MD5 hash which is in the first tweet (be patient).

Finally, the last flag for this section. Try searching for “find wifi ssid and bssid online” on Google, and you will get this website: https://wigle.net

Create an account, and you will be able to run advanced queries. Look for the SSID, and you get the BSSID.

Answers :

 - SakuraLoverAiko

 - http://depastedihrn3jtw.onion/show.php?md5=0a5c6e136a98a60b8a21643ce8c15a74

 - 84:af:ec:34:fc:f8

Homebound

Last but not least!

In the Twitter account, you will find one tweet that mentions a city: Bethesda.

Look for flights to Japan from the Bethesda airport.

In the last section, we found the BSSID of the user. We also found the location: Hirosaki, in Japan.

So, I did a quick flight simulation and got a result.

We found that there are 2 airport stops on the way: HND and ATL. HND is definitely the one we are looking for.

The last one is about the lake. Go to Google Maps, and here you are.

Answers :

 - DCA

 - HND

 - Lake Inawashiro

 - Hirosaki

Thanks for reading, hope this helped.