Searchlight - IMINT

Recently released Searchlight IMINT and GEOINT task hosted by TryHackMe.com witten by zewensec.

Welcome

In this room, you will be exploring the discipline of IMINT/GEOINT, which is short for Image intelligence and geospatial intelligence. This room is suited to those of you who are just beginning your OSINT journey or those brand new to the field of IMINT/GEOINT. In order to submit your answers your flag must be in this format sl{FLAG TEXT}

Task 1 Did you understand the flag format? sl{ready}

Task 1 - Understanding the flag format

Task 2 Your first challenge There are 5 elements of IMINT that you should consider when looking at an image; Context Foreground Background Map Markings Trial & Error What is the name of the street where this image was taken? sl{carnaby street}

Task 3 Just Google It Okay! so the last challenge had it written all over it! the first tool in your arsenal will be Google Text, numbers, addresses signs anything! If you see it GOOGLE it. Here you are introduced to 'dorking' which is the art of using Google search operators to make Google return very specific types of data. You are going to need to use 'dorking' later on in the task. Looking through the people on the stairs you can see a station name but "Circus" being prominent and also at the end of the first word you can see "aly" it's Highley likely this station would be Piccadilly Circus. Which city is the tube station located in? sl{london} Which tube station do these stairs lead to? sl{piccadilly circus} Which year did this station open? sl{1906} How many platforms are there in this station? sl{4}

Task 3 - Piccadilly Circus

Task 4 Keep at it! You've solved the last now we move on to a slightly less in your face image.

Task 4 - YVR Connects

The above images shows "YVR Connect" Which is the only give away in this image, it could be anywhere without that text and the search would take considerably longer. A quick google shows this.

Google "YVR Connects"

So we have now got Vancouver Airport as a lead, looking closer at the description it says "Vancouver International Airport" The rest is pretty simple to complete and can be seen below. Which building is this photo taken in? sl{Vancouver International Airport} Which country is this building located in? sl{canada} Which city is this building located in? sl{richmond} *updated 24/01/2021

Question 3 was updated to sl{richmond} 24/01/2021

Task 5 Coffee and a light lunch This is where your Google 'dorking' skills come into play - You are going to have to use the Google Search Operators for this one and really focus on the detail, Yes when we look at the image you can clearly see "The Edinburgh Woollen Mill" however thats not going to be that easy, You can see a corner of a street and its also a one way system - The only information you have been given is its in "Scotland" Lets see how this one is worked out.

Task 5 - Edinburgh Woollen Mill

When you search for "The Edinburgh Woollen Mill Scotland" you will be faced with over 350k results, swapping to images will bring up pages and pages of images but none of them are what we are looking for. You will need to search for the following "Edinburgh Woollen Mill" street "corner" this string of text will show you what your looking for.

Google Dorking

Using " " You are forcing Google to search for this very specific term. But most importantly we now have the city this particular shop is in. Blairgowrie, Scotland. Using google street view will put you into the street and enable to to answer the other questions. Use Google Maps to view Allan Street, Blairgowrie Spinning the camera 360 from Th Edinburgh Woollen Mill will show you the "Wee Coffee Shop" in Blairgowrie.

Continuing on the the questions, You need to find their phone number, email address and surname of the owners. Facebook gave me the remaining answers to the questions, Phone number, Email and Owners Names. Please if you are from the UK then this dialling code +44 may have thrown you, You will need to enter +44<Phone Number>

Email Address & Phone Number

Looking for the Owners surname was a little bit of a longer process, I couldn't find anything immediately on companies house so I resorted back to Facebook and searched the comments, I noticed people referred a lot to David so I focused on this, which worked. I found the owners surname and completed the task. I also found the original image posted on TryHackMe in the Facebook Community section.

Original THM Image

Going through the Facebook Community Posts shows a reply from David Cochrane who is the Co-Owner of The Wee Coffee Shop.

Cochrane

Which city is this coffee shop located in? sl{blairgowrie} Which street is this coffee shop located in? sl{Allan Street} What is their number? sl{+447878 839128} What is their email address? sl{theweecoffeeshop@aol.com} What is the surname of the owner? sl{cochrane}

Task 6 Reverse Engineering I installed RevEye Reverse Image Search Extension for Microsoft Edge which works a charm and helped a lot through the next few tasks. I will show why. You are asked where was this image taken.

Katz's Deli

Reverse Image Search

Katz's Delicatessen

Open the above image in a web browser, right click and use the RevEye tool to search the Internet for you, It works a charm and pretty much located this restaurant for me. Having a quick scope you can see these images are pretty much taken in the same building but different angle and the only name that stands out is Katz's Deli - Which is the answer. You are then having to find a chef who worked 24 hours solid. Quick Google search shows this.

Which restaurant was this picture taken at? sl{katz's deli} What is the name of the Bon Appetit editor that worked 24 hours at the restaurant? sl{andrew knowlton}

Task 7 Locate this structure Okay this image will test you - I had to use the hint in the end as I thought I explored all avenues when actually I hadn't. I knew the location of the statue was Oslo, Norway but finding the original photographer was what took the longest until the hint which says if you know the location you may want to visitoslo - Meaning the Tourist Board (Website) here is the image provided.

Rudolph The Chrome Nosed Reindeer

Searching for this image in the Reverse Image search was useful and cropping it down the the image gave the location away

Oslo, Norway

Now we know its in Oslo, Norway we now need to find the name of the statue. Searching for Motorbike reindeer Oslo Norway brought up a number of images.

Rudolph The Chrome Nosed Reindeer

Scrolling down shows us the name of the statue "Rudolph the Chrome Nosed Reindeer" Now we need to find the original photographer - Viewing the hint send us to VisitOslo tourist website. Here you can see a blog post Guide to outdoor sculptures.

Blog Post

A map will load up displaying the locations of statues around Oslo and more importantly the one we are after.

Kjersti Stensrud

As you see here the Photographer is under Image Credits: Kjersti Stensrud What is the name of this statue? sl{Rudolph the chrome nossed reindeer} Who took this image? sl{kjersti stensrud}

Task 7

Task 8 .... and justice for all This task is more difficult than previously however stick to the methodology and you will find what you need, the slight issue being text and names - The hotel I originally found on street view was The Westin Hotel Resort & Spa however Google says different. This is the image provided and we have to find the name the statue depicts, location and the building name opposite this statue.

Lady Justice

An initial reverse image search displayed the name straight away. Lady Justice however where is it?

Blind Lady Justice

Cropping the image slightly in Bing image reverse shows some other images.

As you can see we now have text in this image which gives us something to go by and then there are also some other images there which further expand the text to show Bryan United States Court" Googling this brings up the following.

As you can see the image on the far right shows the full court name

Albert V. Bryan United States Courthouse

Google the address for this courthouse.

Alexandria, Virginia

We now need to find the name of the building opposite the court house, Google street view works for this. We can see the building number is 400, throw that into Google

The Westin Alexandria Old Town

What is the name of the character that the statue depicts? sl{lady justice} Where is this statue located? sl{alexandria, virginia} What is the name of the building opposite this statue? sl{the westin alexandria old town}

Task 8

Task 9 The view from my hotel You have reached the end and now you have gone from photos to videos but don't panic, this is exactly the same and the methodology is exactly the same. You can download the ffmpeg software but you can also do this without. You are asked to find the name of the hotel that the friend is staying at. The first thing you will see is this.

Riverside Point

It's a dead giveaway and will set you up for a good Google search, Revers this and you will discover it's in Singapore. Next you will see this.

Central - Singapore

Additionally I also noted there was a bright blue carpark below the hotel.

Going over to Google maps armed with Riverside Point, Central and Blue Carpark I came up with this in Aerial View.

Fixed

We now know this hotel is in that location, zoom in and we can see the road Clarke Quay and the Building name Liang Court, I search for Clarke quay Singapore hotel and viewed the images, knowing the bricks are red on the building this image stood out.

We have successfully completed the task and now know that the hotel is called Novotel Singapore Clarke Quay. What is the name of the hotel that my friend is staying in? sl{novotel singapore clarke quay}

https://twitter.com/LightOrithm