HTB Write Up: Missing in Action
This is a write-up on the OSINT challenge from HTB. Special thanks to HTB user egotisticalSW for creating the challenge.
This challenge is a great foray into OSInt and demonstrates the investigative power of social media. The only clue provided is "Roland Sanchez from Birmingham, UK is missing. The family are convinced he was kidnapped on a business trip. Can you help?"
Start with a Google search of "Roland Sanchez Birmingham UK," which leads to Roland's LinkedIN page. The page further reveals that he is employed as the CISO at Egotistical Bank. Follow this up with another Google search of "Egotistical Bank" to arrive at Egotistical Bank's Twitter page.
Reading through the tweets, there is a mention that "Our CISO jumped the gun slightly! We'll let you know when we move to actual hosting and not some free site." This indicates that somewhere on the Internet there may be an unpublished website for the Bank. It also seems as though the link may have been posted on Twitter, although that is nowhere to be found and may have been deleted.
Using the Wayback Machine, it is possible to see what web pages looked like at some point in the past. On Wayback, search for the Egostistical Bank Twitter page and find a version that has the original tweet, complete with URL, then visit the website.
In one of the blog posts on the website, Roland mentions that he will be traveling and plans to "review the best hangouts" (note that there are some red herrings in this and other blog posts).
TripAdvisor is a popular site for travel reviews and by searching the site for Roland Sanchez it is possible to find Roland's profile. Although there are no reviews posted, his travel map and contributions on the site indicate he has been to at least one place: Tamper Coffee - Sellers Wheel. The coffee shop has many reviews on TripAdvisor but none from Roland, so the review must be on a different site.
Google "Roland Sanchez Tamper Coffee - Sellers Wheel" and find the the review on FourSquare. The review includes the flag.