Osint Dojo Feb 15, 2021 Quiz

 The Quiz had 3 questions

1. What is the name of the bridge pictured?
2. What ISP does the webcam use?
3. What previous port was open on this webcam, that is now closed?

Question number 1 what is the name of the bridge. There is a big clue on the image which is Naxi Radio 96.6fm. Seems like a good place to start. Googling "naxi radio webcam" the first link takes you directly to the page. 

Answer 1 is Branko Bridge.

For the following 2 questions we are going to need more than the bridge name. We need to know which country this is in. 

so in order to find the ISP and any ports I will use Shodan. To help will be using shodan filters, good list of them can be found here: https://github.com/JavierOlmedo/shodan-filters. 

first filter i will use is the country code. Shodan uses a 2 letter country code, for Serbia this is RS

so the first shodan search is: country:"RS"

That is way to many results to go through. 

Second search term I added to Shodan is: has_screenshot:"true"

Still alot of results but looking at the breakdown of top ports reduces this number as there is a large number of RDP ports open. 

so third search term is to filter out that port and all those host and that leaves 198 hosts: -port:3389.

From here i scrolled through the first 10 results to have a look and on the first page was the webcam image i was looking for. Which answers the second question of the ISP of TRUF d.o.o.

Now we know the IP address we can look at the history that shodan holds. From the history tab can see that SMB was last reported as open on 13/01/2019, port 8080 was still open and is used for the webcam.