TryHackMe — WebOSINT Write Up

Cursemagic
Feb 27, 2021


Hi, today I'll be sharing my write-up for the room WebOSINT from the TryHackMe platform. Without further ado, let’s get started!

Link to TryHackMe WebOSINT room: https://tryhackme.com/room/webosint

Task 2 Whois Registration

To get the name of the company the domain is registered with, we can go to the link provided: lookup.icann.org.

For the phone number, we can go to “Raw Registrar RDAP Response” for more information.

For the first nameserver:

Or we can get it from:

The name listed for the registrant:

The country listed for the registrant:

Task 3 Ghosts of the websites past

Go to archive.org and look for RepublicOfKoffee.com. Go for the 21st.

Go for the oldest post.

The name is on top.

The city and country the author is writing from:

The temple in the national park the author visits:

We can see keywords from the page.

After that, try searching for it on Google.

And we found it.

Task 4 Digging into DNS

Now go to viewdns.info and search the IP history.

We can see the previous IP addresses.

For the next question, we are asked for the kind of hosting service. So, we take the IP and put it into the reverse IP lookup.

And we can see there are so many domains using this IP address, which makes me think of a shared hosting server.

Based on the previous image, the IP history shows that the IP address has been changed 4 times.

Task 5 Taking off the training wheels

Now a new task is given for a new domain, heat.net.

To get the second nameserver,

For the IP address for December 2011,

The date the site was first captured by the Internet Archive,

The final capture of 2001.

The first sentence.

For the original company that was responsible for the site, we can press the “Privacy Policy” link and we will get the answer.

For the last capture in 2010, the header is:

Task 6 Taking a peek under the hood of a website

Go to the link: http://www.heat.net/36/need-to-hire-a-commercial-heating-contractor/ for this part.

As we hover over the links, only one directs to another site, which makes it 5.

For the external link, only 1.

For the destination of the external link, hover the mouse over it and we get the answer.

Ans: purchase.org

For the Google Analytics code, we can get it from the source code.

For the other site, Google Analytics code is not used.

And there are no obvious affiliate codes found.
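
The manual steps in this task (hovering over links to sort internal from external, then reading the page source for a Google Analytics code) can also be scripted. The following is an added example, not part of the original write-up; the sample HTML and the `UA-0000000-0` ID are constructed placeholders, and `LinkCollector`, `site_of` and `analyze` are hypothetical helper names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page (NOT the real heat.net HTML); the UA id is a placeholder.
SAMPLE_HTML = """
<html><head>
<script>var _gaq=[];_gaq.push(['_setAccount','UA-0000000-0']);</script>
</head><body>
<p>Read <a href="/1/first-post/">this</a> and <a href="http://www.heat.net/2/second/">that</a>,
or ask <a href="http://example.org/offer?ref=abc">a partner</a>.</p>
<a href="#top">Back to top</a> <a href="mailto:someone@example.com">Mail</a>
</body></html>
"""

# Classic Universal Analytics ids (UA-...) and GA4 measurement ids (G-...).
GA_ID = re.compile(r"\b(UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{6,12})\b")


class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def site_of(host):
    # Simplification: only a leading "www." is stripped, other subdomains count as different sites.
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def analyze(html, page_url):
    collector = LinkCollector()
    collector.feed(html)
    base = site_of(urlparse(page_url).hostname)
    internal, external = [], []
    for href in collector.hrefs:
        url = urlparse(urljoin(page_url, href))  # resolve relative links
        if href.startswith("#") or url.scheme not in ("http", "https"):
            continue  # skip in-page anchors, mailto:, javascript:
        (internal if site_of(url.hostname) == base else external).append(url.geturl())
    return {"internal": internal, "external": external,
            "external_hosts": sorted({urlparse(u).hostname for u in external}),
            "analytics_ids": sorted(set(GA_ID.findall(html)))}
```

Query strings on the external links (such as `ref=abc` in the constructed sample) are where affiliate codes would show up, and an analytics ID shared by two domains is a signal that they have the same operator.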

Task 7 Final Exam: Connect the dots

For heat.net:

For purchase.org:

As we can see here, they have something in common: Liquid Web, L.L.C.

And we are done with this room!

This room is quite good for learning new techniques to search the internet. So, did you learn anything?

Thank you for finishing the write-up!
