Web OSINT Tryhackme Walkthrough
2021-09-05 03:53:19 Author: infosecwriteups.com

Ayush Verma

Hello guys and welcome back, Ayush here. Today we’ll talk about one of the TryHackMe rooms, Web OSINT. This is an amazing room for learning some recon techniques, like how we can find the history of any domain using the Wayback Machine, viewdns.info and more tools. So, without wasting time, let’s begin :)

Task 1 When A Website Does Not Exist:

Here our target is RepublicofKoffee.com. This domain doesn’t exist, and we have to find information about it. As described in the task section, I just googled it in quotes, “RepublicofKoffee.com”, and got some results about it.

I was interested in this result, https://dawhois.com/, and got many of the answers for the second task from it.

So dawhois is basically a website which gives information about domain names.

Task 2 Whois Registration:

We’ll also need to use this tool lookup.icann.org for finding more information.

Q1 What is the name of the company the domain was registered with ?

Ans Namecheap Inc

Q2 What phone number is listed for the registration company? (do not include country code or special characters/spaces)

Ans 6613102107

Q3 What is the first nameserver listed for the site?

Ans DNS1.REGISTRAR-SERVERS.COM

Nameservers: A nameserver, also referred to as “name server,” is a server designed to translate domain names into IP addresses. It handles queries from clients, like a computer or tablet, about the location of a domain name and its services on the DNS servers. Any server that has DNS software can be considered a nameserver. source: bluehost.com

Q4 What is listed for the name of the registrant?

This question took up a lot of my time because I was getting this name for the company (registrant):

But when I used lookup.icann.org to find more information, I got a different result.

Ans You’ll think both names are the same, but the answer was redacted for privacy, I don’t know why ???

Q5 What country is listed for the registrant?

This question also took a lot of time. At first I found that its country was Iceland, but that’s the present one; when the company started, its country was different.

I used this tool https://www.whoxy.com/republicofkoffee.com#history to find the history of this domain and got this result:

Ans Panama

Now we are done with Task 2, in which we used tools like https://dawhois.com, https://lookup.icann.org and https://www.whoxy.com/, and also learned about nameservers and how to find the history of domain names.

Task 3 Ghosts of Websites Past:

Now moving on to this task, in which we use the Wayback Machine (an online archive which crawls web pages across the internet and stores them in its database along with the capture dates). It’s not the official definition, but it’s easy to understand.

So, let’s solve the problems.

Q1 What is the first name of the blog's author?

I just entered the domain name on the Wayback Machine (archive.org) and got the website. It was a WordPress-based blogging website, and when I opened the blog I got the name of the author.

Ans Steve

Q2 What city and country was the author writing from?

For this question I read each and every blog post, and one thing common to each of them was the city name, Gwangju. I searched for it, and this city is in South Korea.

Ans Gwangju, South Korea

Q3 [Research] What is the name (in English) of the temple inside the National Park the author frequently visits?

I found one blog post in which the park was mentioned, then I just searched the park name with the keyword “temple” and got the result.

Ans Jeungsimsa Temple

Now we are done with Task 3 also, in which we learned about the Wayback Machine and how we can use it to find things which no longer exist in the present.

Task 4 Digging into DNS

In this task we have to find some information about the domain’s IP history; for this we used viewdns.info.

Q1 What was RepublicOfKoffee.com’s IP address as of October 2016?

For this we used the IP history utility, https://viewdns.info/iphistory/?domain=RepublicofKoffee.com, and got this result:

Ans 173.248.188.152

Q2 Based on the other domains hosted on the same IP address, what kind of hosting service can we safely assume our target uses?

Ans It’s Shared

Q3 How many times has the IP address changed in the history of the domain?

It’s 4 times, as we can see in the above result.

Now we are done with Task 4 and learned about the viewdns.info IP history utility.

Task 5 Taking Off The Training Wheels

Now in Task 5 we have got another domain, heat.net, and we have to find info about this domain name. To find all the answers we used all the tools we used earlier, up to Task 4.

Q1 What is the second nameserver listed for the domain?

Use dawhois or whois

Ans NS2.HEAT.NET

Q2 What IP address was the domain listed on as of December 2011?

Use viewdns.info

Ans 72.52.192.240

Q3 Based on domains that share the same IP, what kind of hosting service is the domain owner using?

Ans Shared

Q4 On what date was the site first captured by the internet archive? (MM/DD/YY format)

For this I used archive.org and got the result

Ans 06/01/97

Q5 What is the first sentence of the first body paragraph from the final capture of 2001?

Ans After years of great online gaming, it’s time to say good-bye.

Q6 Using your search engine skills, what was the name of the company that was responsible for the original version of the site?

You can see sega.com was there in the above answer, so the answer was segasoft.

Q7 What does the first header on the site on the last capture of 2010 say?

Search yourself hahahah

Now we are done with Task 5 also and completed most of the questions with the help of wayback machine.
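The capture-date questions in Task 5 can also be answered from the Wayback Machine's CDX index instead of the calendar view. This is an added example, not code from the original writeup; the sample rows are constructed (made-up timestamps for example.com) in the shape the CDX API returns with `output=json`.

```python
import json
from datetime import datetime

# Constructed sample in the shape returned by
#   https://web.archive.org/cdx/search/cdx?url=example.com&output=json&fl=timestamp,original,statuscode
# The first row is the header; every timestamp below is made up.
SAMPLE_CDX = json.dumps([
    ["timestamp", "original", "statuscode"],
    ["19990117032727", "http://example.com:80/", "200"],
    ["20010302054551", "http://example.com:80/", "200"],
    ["20011214223344", "http://example.com:80/", "200"],
    ["20011220080000", "http://example.com:80/", "302"],
    ["20100505121212", "http://example.com/", "200"],
])

def parse_cdx(text):
    """Turn CDX JSON into a list of capture dicts, oldest first."""
    rows = json.loads(text)
    if not rows:                      # the API returns [] when nothing is archived
        return []
    header, *data = rows
    caps = [dict(zip(header, row)) for row in data]
    for cap in caps:
        cap["when"] = datetime.strptime(cap["timestamp"], "%Y%m%d%H%M%S")
    return sorted(caps, key=lambda cap: cap["when"])

def first_capture(caps):
    """Date of the earliest capture in MM/DD/YY, the format the room asks for."""
    return caps[0]["when"].strftime("%m/%d/%y") if caps else None

def last_capture_of_year(caps, year, ok_only=True):
    """Replay URL of the final capture in a year; by default skip redirects/errors."""
    hits = [c for c in caps
            if c["when"].year == year and (not ok_only or c["statuscode"] == "200")]
    if not hits:
        return None
    cap = hits[-1]
    return f"https://web.archive.org/web/{cap['timestamp']}/{cap['original']}"

if __name__ == "__main__":
    caps = parse_cdx(SAMPLE_CDX)
    print(first_capture(caps))
    print(last_capture_of_year(caps, 2001))
    print(last_capture_of_year(caps, 2010))
```

The `ok_only` switch matters because the final capture of a year is often a redirect or error page rather than the content you want to read.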

Task 6 Taking A Peek Under The Hood Of A Website

Q1 How many internal links are in the text of the article?

Head over to this website http://heat.net/36/need-to-hire-a-commercial-heating-contractor/ and count the links which are visible; it’s 5.

Q2 How many external links are in the text of the article?

There is one external link purchase.org

Q3 Website in the article’s only external link ( that isn’t an ad)

purchase.org

Q4 Try to find the Google Analytics code linked to the site

Open the source code by right-clicking and choosing “view page source”, then search for ga.js and you’ll get the answer UA-251372-24

Q5 Is the Google Analytics code in use on another website? Yay or nay

Use nerdydata.com

Ans nay

Q6 Does the link to this website have any obvious affiliate codes embedded with it? Yay or Nay

No, I searched for href and there weren’t any affiliate links.

Ans Nay

Now finally we are done with Task 6; now let’s move on to the final task.
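The manual checks from Task 6 (counting internal and external links, pulling the Google Analytics ID out of the source, looking for affiliate codes in hrefs) can be scripted over saved page source. This is an added example, not code from the original writeup; the sample page, its domains and its tracking ID are constructed, and the affiliate parameter list is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse

GA_ID = re.compile(r"\bUA-\d{4,10}-\d{1,4}\b")  # classic Universal Analytics ID shape
# Assumed, non-exhaustive list of query parameters that usually mark affiliate links.
AFFILIATE_PARAMS = {"aff", "affid", "affiliate", "ref", "tag", "partner"}

class LinkAudit(HTMLParser):
    """Sort every <a href> on a page into internal and external links."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.host = page_url, urlparse(page_url).hostname
        self.internal, self.external, self.affiliate = [], [], []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag != "a" or not href:
            return
        url = urlparse(urljoin(self.page_url, href))  # resolve relative links
        if url.scheme not in ("http", "https"):
            return  # ignore mailto:, javascript:, tel: ...
        host = url.hostname or ""
        if host == self.host or host.endswith("." + self.host):
            self.internal.append(url.geturl())
            return
        self.external.append(url.geturl())
        if AFFILIATE_PARAMS & set(parse_qs(url.query)):
            self.affiliate.append(url.geturl())

def audit_page(page_url, html):
    parser = LinkAudit(page_url)
    parser.feed(html)
    return {"internal": parser.internal, "external": parser.external,
            "affiliate": parser.affiliate, "ga_ids": sorted(set(GA_ID.findall(html)))}

# Constructed sample page (reserved example domains, made-up tracking ID).
SAMPLE_URL = "http://blog.example/36/post/"
SAMPLE_HTML = """<html><head><script>
var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-000000-1']);
</script></head><body>
<p>Read <a href="/about/">about us</a> or <a href="http://blog.example/contact/">contact</a>.</p>
<p>Buy at <a href="https://shop.example.org/item?id=7">the shop</a>, see
<a href="https://deals.example.net/?aff=1234">this deal</a>, <a href="mailto:x@blog.example">mail</a>.</p>
</body></html>"""

if __name__ == "__main__":
    for key, value in audit_page(SAMPLE_URL, SAMPLE_HTML).items():
        print(key, value)
```

This counts every anchor in the document, including navigation and ads, so restrict the HTML you feed it to the article body when the question is about links in the article text.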

Task 7 Final Exam: Connect the Dots

In this I just used viewdns.info and compared the results for both domains, heat.net and purchase.org, and one thing was common: the owner of both was Liquid Web, L.L.C

Q1 Use the tools in Task 4 to confirm the link between the two sites. Try hard to figure it out without the hint.

Ans Liquid Web, L.L.C

Yayy, finally we have completed all the given tasks, and I hope you liked this writeup. If yes, then please give a clap and please give feedback about this because I’m new to it and it’s my second writeup, so please give feedback :)

You can follow me on twitter : https://twitter.com/3xabyt3_

Instagram: https://instagram.com/_3xabyt3_

Thank you for your time, we’ll meet in the next writeup. Till then, bye bye and Happy Hacking!


Article source: https://infosecwriteups.com/web-osint-tryhackme-walkthrough-5f497a2ba12b?source=rss----7b722bfd1b8d--bug_bounty