Has anyone of you ever come across a fishy and suspicious situation wherein you don’t know anything about the person except their virtual personality that they portray in front of you? In this article, I will try to find the whereabouts a person through a mere WhatsApp and how anyone can go about revealing the person cloaked under the “virtual media”.
This article is divided into four parts:
- What happened
- Prepare for battle
- Find Shizuka’s location
- Find her college’s name
- Check her Whatsapp DP
3. What do we learn
4. A glimpse of part 2
It all started when I returned after attending a technical seminar and got a whats app message from a girl. She said that she is one of the organizers of the seminar and need the feedback of the same. I happily replied and answered all of her questions. Things started getting fishy when she asked me about my interests and personal life like relationship status etc. I searched about her all over the net and for her digital footprints(i.e insta,FB,Linkedin) but could not find her anywhere. I asked the other organizer about her, and they said there’s no one with this number or name on the team.
Now, I knew that someone is trying to mess with me. I had two options i.e., either to block her and move on or find out who’s behind all this the hacker way. As you all know its, quarantine time and we don’t have much to do all day. So I decided and started social engineering her. For the record, let’s name her as SHIZUKA.
Preparation for Battle
Lets put on a hoodie, dim some lights and find who’s behind all this.
Step1: We chatted for two days to gain some trust. We both had lots of time to waste. 😂
Step2: Make notes about each detailed information given to her (in my case name, college, location, and job)
One thing to note, I will only perform passive recon(no hacking).
1. Find Shizuka’s location
I asked her about her interests and one of them was java. So I started asking her easy questions via screenshots.
Weapon 1: There’s a website https://iplogger.org/ which provides you an image URL that can be pasted in any forum’s posts, and as soon as someone sees that post his/her IP gets logged into the web site’s database which can be reviewed later.
I did same I took a less-visited hackerank’s forum page, pasted the image in the comments section and sent the link to Shizuka, and asked her to solve it.
WHAT I GOT: IP address, location, information about her mobile, and at what time she visited the site.
2. Find Shizuka’s college
She shared some random picture of her cafeteria and pets which can’t be used for anything as they are compressed and have their location tagging(EXEF data) is stripped of so I asked her to send one of the image as document on Whatsapp.
Weapon 2: There’s a website https://www.pic2map.com/ which gives you the location where that picture was clicked.
So, with this, I got her college’s name. I got deeper (that’s what she said🤣) and downloaded the timetable(“TT”) of the college, and asked her which subjects she studied today.
And as expected they were not the same as mentioned in the TT so she was lying about the college.
3. Check her Whatsapp DP
She used to update her Whatsapp picture daily like other girls😅. She was blatantly lying that it made me think if she was using her own Whatsapp DP or not. She could be using someone’s picture from Instagram. Now, its time for another weapon for this task.
This can be done in two ways one is a lot simpler and user friendly but less effective and the other is a bit techie and needs Linux. I will brief you all about both.😎
Simpler: These are some website which takes image and input and gives their source as output.
- https://images.google.com/(there's an option to search by image see)
You can upload the image of someone and it will search for it everywhere except social media platform but will try to search for familiar faces.
Harder: This tool can search Instagram(not a private account), Youtube, Facebook, and Twitter for the person. It just needs one image and the name of the person. Isn’t it great? but it comes as a cost you need to set it up on the machine and give some time to search.
Here’s the tool link, all the setup instruction and how to use it is given in the link. So I just took the whats app DP and name. Voila I got a link of a shady Blogspot website with some pictures that she used. The owner of the website had an Instagram account.
What do we learn
- Forums are super useful in recon.
- Images can say a lot.
- If you want to use someone’s image take it from a private account😎.
A glimpse of part 2
- ****** tool gives you the email of the person and the email can be searched in ** for its owner
Here’s the end of part one.
Thanks for reading! If you enjoyed this story, please click the 👏 button and share it to help others! Feel free to leave a comment 💬 below. Have feedback?