Welcome to the second post of the OSINT category!
RECAP >> I’m going to group four “osintquiz” problems in each post, as most of them did not take much time to solve.
Challenge #4 | TikTokTest
We are given the following TikTok and asked for the timestamp of it. Now this might seem trivial at first, but actually TikTok does not have a visible upload date, and we have to dig in the source code to retrieve it.
I searched throughout the source code without getting anywhere, so I decided to search for Osint blog posts of TikTok, and I found the following: https://dfir.blog/tinkering-with-tiktok-timestamps/
It gives two methods: searching in the source code for createTime, which was perfect, because it gives the timestamp directly in Unix.
This was the replacemente for the previous uploadDate, the older method for knowing the date of a post.
It does have another method using the ID of the video posted, but we will not get into detail about it, you can go to the post and find out yourself :)
We calculate the MD5 hash and send it back to the email, giving us a new challenge.
Challenge #5 | DatingDomains
Shifting away from social media, we are getting in domain territory now. We are given facebook.com and asked on what date was it registered for the first time.
Using a simple WhoIs online will retrieve the Creation Date of the domain, we use the format given ‘yyyymmdd’, calculate the MD5 hash and send it back to the email, giving us a new challenge.
Challenge #6 | WhoHistory
Creation Date of a domain was simple enough, now we are asked to retrieve the owner of the domain ‘driftwoodaruba.com’ as of 2016.
If we search for WhoIs history services, we often get paid services, but I found one free here: https://www.whoxy.com/
Using the history owner we can see a 2016 record, specifically in August.
We convert the spaces in the name to underscores and everything lowercase, calculate the MD5 hash and send it back to the email, giving us a new challenge.
Challenge #7 | CertificateCheck
This challenge is similar to the last one. We are given the following Facebook Page
https://www.facebook.com/SilensecGroup
The challenge is to find out the SHA1 fingerprint of the very first SSL certificate issued for the company website that belongs to this facebook group.
Simply search for Silensec on google and the first result is the correct one: https://www.silensec.com
For everything certificate-related Osint tasks I usually use crt.sh, because it gives a great deal of information without any payment.
Just searching for the domain gives us the history of the certificates, we get the first issued and copy-paste the SHA1, sending it directly to the email, and getting a new challenge.
Disclaimer: This article is only meant for educational purposes. Any action that derives from this article which isn’t meant for educational purposes is not, by any means, supported by the author.
