HTB- ID Exposed

Hack the box provides so many challenges but this is quit interesting challenge to do.

The ID Exposed challenge is in OSINT category, One of my favourite category.

We are looking for Sara Medson Cruz’s last location, where she left a message. We need to find out what this message is! We only have her email: saramedsoncruz@gmail.com

OSINT STARTS NOW….

We have to find the sara medson last location but we have only her email id.It looks like quite simple right !!.But the problem is Where to start ? Then I know google contacts is one of the resource.If you Familiar with the google contacts than this challenge is easy.

Time to DIG….

In all google accounts we have an unique id in that case we have to create a google contact for her email.

Then by inspecting the source code of a site you have found like this,Most of the id’s are starts with 10 or 11

data:["saramedsoncruz",[["c6360397889627405086",[null,[]
,[]
,"117395327982835488254",null,["6360397889627405086"]

Any contributions and reviews

Now , we have User ID in hand.we have to check the sara’s album and maps through requesting URL

Photo albums:https://get.google.com/albumarchive/[userid] In this url we have found 404 error in google.

Maps : https://www.google.com/maps/contrib/[userid] In this Url we have found a account with the username.Read the review about football museum and then we Found the flag!!!!

It was an pretty awesome challenge to do….Happy CTF!!

Thank You…….