> Who am i??
I’m Saeed Bala Ahmed, a great fan of “Mr. Robot Series” where I got my nickname r0b0tG4nG. I am an offensive security engineer with 4 years of experience in the cybersecurity field. I currently work at Offensive Security as a Junior Vulnerable Machine Engineer. I have a strong passion for penetration testing, bug hunting, CTF’s & other security-related topics. I spend most of my time pwning vulnerable systems on EchoCTF.Red, PwnTillDawn, HackTheBox & Proving Grounds.
> The Story begins
Well i am not a good story teller and i know there are thousands of OSCP stories out there but i will try my best to sum up everything. I’ve always spent my time on discord either hacking with friends or discussing hacking related topics. i love cybesecurity and I spend all my time on EchoCTF.Red, PwnTillDawn, HackTheBox.
To be honest, i have spent quite a lot of time on these platforms. Dating back in 2019, judging from my performance on these platforms, most of my friends convienced me to take the OSCP exam but guess what i was too scared to take the stand i think it was the right decision. There is no need to rush in life. What’s meant to happen will surely happen and one shouldn’t rush into making some decisions…..
> Fast Forward OSCP Preparation
I was awarded a 90-day lab voucher by Black Cybersecurity Association on July 5, 2021, i redeemed the voucher on 10th of July 2021 then scheduled to start PWK Labs a week after which was on 18th of July 2021. I had a whole lot of tension mounted on me because the hype around OSCP is so great that when i am going to rate i will say out of 10 people taking oscp, only 3 will pass on their first attempt. Two of my friends who wrote the OSCP exam before i even got this voucher failed.
This alone was enough to scare me but what good will i derive from been scared? Three days to the PWK labs time, my mentor advised that the best way to build confidence and also to secure a passing mark is to work on my buffer overflows skill. I am as bad as the word bad in terms of exploiting buffer overflows. We started with some Linux binaries then moved to windows.
My mentor tasked me to follow the guidelines from Buffer Overflow Prep Room to solve OVERFLOW1 . I executed this task and i took me about 40mins to solve a windows buffer overflows. My confidence grew from 0.00% to 2.00% because i was able to face the fear for windows buffer overflows exploitations.
New challenge from my mentor was to solve all the other OVERFLOW tasks without looking at any writeup. Guess what?? in about 3hrs i solved all 9 OVERFLOW tasks on TryHackMe. My confidence rose from 2.00% to 20.00%. On the same day, i was able to solve all TryHackMe rooms that had a windows buffer overflow vulnerability.
My love for buffer overflows started on that day. I reached out to most of my friends on discord asking for links to any windows binary/software that is vulnerable to buffer overflow. I gathered about 15 windows Binaries/softwares and with these binaries, i was able to reduce my buffer overflow solving time from 40 mins to 15minutes.
PWK Lab Access started on 18th of July 2021. On day 1, i jumped straight to hacking the lab machines and I was able to compromise 5 machines without help. This streak continued for some time until i had 35 machines compromised without any help. I knew there was trouble waiting for me ahead beacuse the road can’t be this smooth. From time to time especialy at a stage where i had fully compromise 45+ machines in the labs, the situation changed. I got stuck on some crazy targets. Whenever i run out of options i would go knocking on the doors of my friends and the OffSec community. Some were helpful while majority gave answer try harder. Keep in mind that the try harder replies taught me to dig deeper and also step out of my comfort zone. This attitude really helps alot since you will be forced to read more and will also teach you how to be independent.
> Asking help and reading hints
I have heard a lot of people saying asking for help and also reading hints is not helpful. I strongly disagree with that. What happens when you are stuck for a really long time and all what you have tried doesn't work out even after taking breaks??. I advice go ask for help or read a hint. When asking for help, do not try to get direct information on how to solve the challenge but rather find out if what you are doing is right, what are you missing? are there any ways apart from your way?. Keep one thing in mind. Just don't focus on how to solve a machine but rather focus on learning what the target is teaching you. Each target in the offsec labs has a something different to offer.
Pain, Sufferance, humble and gh0st, these targets are popularly known as the big 4 in the offsec community. i spent a great deal of time on trying to compromise these machines. They are harder than any other target in the offsec labs but you will learn alot from them once you decide to pawn these machines. In short, i completed all 75 PWK Lab Machines in 72 days. I learnt a whole lot from the labs especially pivoting, privilege escalation & manual sqli. I spent the remaining 18days lab access to help others in the community who were stuck on targets until the final day.
> Exam Preparation
On October 10th, 2021 i booked an exam for 20th November, 2021 22:00 GMT. Why a huge interval and wait time?? I was not confident in myself even after compromising all 75 offsec labs so i thought it will be wise to to spend the remaining time hacking on different platforms. I went back to EchoCTF.Red and PwnTillDawn, spent a good amount of time there hacking any machine that i came across. I highly encourage the public to sign up on these platforms, there are a lot to learn from them. On October 18th, 2021 i purchased a month subscription on Proving Grounds Practice.
The Secret is, i used the Proving Grounds machines to simulate a test OSCP exam. Luckily on my part, most of my friends were also preparing for their OSCP exams too. Four friends who happen to be my study mates took their exam before me. Unfortunately 3 failed the exams only 1 passed. I was scared because i am next in line wouldn’t you be scared if it was you??. The question was “will i fail or pass this exam?” What my friends and i did was, we will select 5 machines from PG Practice and these machines were mostly (2 20points, 2 25points & 1 10points), try to compromise these machines in 24hrs without help to simulate the OSCP exams, make a report after which we will compare our reports. Why did we do this?
- To build up report writing skills.
- To learn each other’s methods of attacking targets.
- To learn how to work under pressure.
Time flies like an arrow, lo and behold, my PG practice subscription expired on November 18 2021 which means i am left with 48hrs before my OSCP exam. I decided to revisit buffer overflows again just to be sure i wasn’t leaving anything out. I downloaded more binaries from Exploit-DB to test my bof exploitation skills. On November 19th 2021 i spent all day working on buffer overflows i heard buffer overflow is a 25 points machine in OSCP exam and i didn’t want to miss that 25 points.
> Exam D-Day: Dawn Of A New Era
20th November, 2021 approached faster than i imagined, my exam starts at 22:00GMT. My day started great, I played God Of War 4 & Ghost Of Tsushima on my PlayStation console to clear my mind. Well, something strange happened. On the day of exam, i wasn’t scared anymore i was rather excited that i was about to write my OSCP exam. I said to myself "boy, you have to get this in one shot. Give the exam your all so in the end you won’t have any regrets". At 11am GMT, i spent some time watching movies with special other till 4pm GMT. My internet at home is really bad so i decided to write the OSCP exam at work. Everything i needed for the exam was packed already in my bag including a different source of internet ( mobile router). I am ready to rock and roll, i left for work at 4:15pm GMT with the never say never attitude. I usually have this attitude whenever there is a CTF competition which i looked forward to, but on this day 20th November, 2021, i was in a whole different version of that never say never mood.
The first thing i did at work was watch some animes on the work laptop from 4:40pm GMT to 8:30pm GMT. I did all i could to avoid touching my laptop because when i do touch my laptop, i will end up on one of those sites i mentioned trying to pwn a vulnerable machine. At 9:00pm i turned on my laptop, double checked all the snapshots & backups of my VMware. I advise take snapshots and full clones of your VmWare Machines. I had a full stand-alone clone of my kali VM, a full backup of the VMware machine on an external ssd and also another backup on a different ssd. I have read from many blogs that during the exam, alot of people’s VM's crashed. For some, snapshots saved them while others were saved by their backups VM's. Attached is a image of my VM snapshot manager.
After watching anime, i switched to watching privilege escalation videos and reading more OSCP blogs online. Why did i read more blogs few hours to OSCP exams? i wanted to learn from their mistakes. "What they did wrong, what advice do they have? and how they managed the stress and pressure??"” after a while i stopped reading because my inbox was flooded with messages from family & friends. Some said a prayer for me while others motivated me with the phrase "r0b0t Try harder". I replied most messages with this sentence i will do my best and if that's not enough i will go plus-ultra. I made up my mind that i will not have any regrets after this exam, i will do all i can & will try all what i know. I said a short prayer "My Lord You Have brought me this far and i know You did not bring me here to leave me hanging. I am because YOU are, all i need is the strength to handle this exam do not forsake me my Lord".
> Exam Started
At 9:45pm GMT i got an email from offsec to join the proctor. I logged in and did the necessary checks. Now i was ready for my exam. Exactly at 10:00pm GMT, i got an email from offsec with my exam connection pack. So it all begins the moment we’ve all been waiting for…. The dawn of a new era begins…..:)
35 minutes into my exam, i built a working buffer overflow exploit and was ready to claim my hard earned 25 points. One thing i did was: while i was working on buffer overflows i fired nmap scans on the other targets. 1hr 45mins into exam and i had 45 points I completed the 20 points machine in about 15-20mins after the bof 25 points machine which increased my score to45 points. I spent close to an hour on the 10 points machine and i finally popped a shell then proceeded to root. Do not underestimate the 10points machine what you need is right infront of you but if you're not careful, you will miss it. In a about 3hrs+ in OSCP exam i had 55 points. Now i was left with the last 25 point & 20 point machines.
I decided to start with the 25 point machine. After spending close to 4hrs+ on this machine i was not able to pop a shell. I decided to switch back to the 20 points machine. After 2hrs+ of enumerating i pop a shell on the 20 points machine now i have a total of 65 points (10 points from 20points machine). I spent 3hr+ on this box too and couldn’t escalate privileges to root even after finding the privelege escalation vector. In total, I have spent about 11hrs+ in the exam already.
I took a 15minutes break because it was 9:00am GMT. I took some energy drinks (lucozade) as breakfast then jumped back to business. I spent more time on the 20 points machine but i still could not root it. To avoid stress and tension building up, i jumped back to the 25 points machine, started afresh from nmap scan and that was when i realized i was lost initially in a deep rabbit hole. I enumerated a specific service for some time trying different attacks on that service until i popped a shell. I finally had 75 points i shouted YEYYEEESSS!!! i’m sure my proctor was laughing at me on the other end because of how i behaved🤣 (OSCP pass score is 70points) and i was able to secure 75 points. At that time, i was 18hrs+ into exams. As for the 25 points box i couldn’t find any privilege escalation vector on that because of …. sorry can’t talk about…
The privilege escalation route i found on the 20 points machine was still not exploitable. Not sure if the issue was coming from how i executed my commands or the issue was from target machine i kept trying to root the 20 points machine until the proctor closed my vpn access. I scored more than enough points to pass my OSCP exams but i still hold a grudge with myself for not rooting the 20 points machine even after finding the privilege escation vector. I took a total of 4 breaks and drank about 3 bottles of lucozade energy drink. Notes taking is very important i made sure to document every step that worked and during the exam i created backup copy of my exam documented notes to the host machine incase my Kali VM crashed i won’t lose my data.
Whenever my head started to spin and i was about to give up, i watched 3 particular videos to boost my morale and never-give-up-spirit. This was the order i watched these videos. lol i admit i watched these videos over a billion times lol
1 Martin Luther King Speech Watch Video
2 Shakira - Try Everything ( Zootopia theme ) Watch Video
3 Sami Yusuf - Make Me Strong Watch Video
The funny thing is that my laptop froze completely 2x🤣 yes you heard that right 2x😁 during the exam. I am not talking about VM freezing i mean the whole laptop froze. Meanwhile i switched from a low end machine to an Alienware so that i will have more resources alloated to the VM. I was lucky nothing crashed in the exam. Attached is an image of my Kali VM settings
> Exam Ended & I Passed
The exam ended on November 21, 2021 at 9:45pm GMT. I made sure i had the neccesary screenshots for my report. I packed my stuffs, went home and i still couldn’t close my eyes to sleep. The next day at 8am GMT i started with report writting and at 7:30pm GMT, i submited my report. The hardest part of the OSCP exam is waiting for the results. Why?? because i checked my email a billion times. My OSCP exam results came in on November 23, 2021 at 7am GMT and i am proud to tell the world that I Saeed Bala is OSCP Certified.
Last words, Never give up, believe in yourself and dare yourself to chase the dream. Read, read, read and ask questions regardless of how stupid the question sounds. It’s okay to read writeups but make sure you don’t get used to reading writeups. This will make you write-up dependant and you whenever you get stuck and there is no writeup, you will not be able to research deep to solve that issue becasue you have built your life around writeups. All that matters is make sure you are learning something from the write-up but not just to solve the machine to claim points. Before reading a writeup, make sure you have tried all possible options and none worked. keep pushing and you will reach greater heights. If i could do it then you too surely can do it. Keep this in mind “Your strength does not come from winning. It comes from struggles and hardships. Everything that you go through prepares you for the next level.” Keep pushing you can do it too my friend. Thank you for reading and good luck in your exam. May the forces be with you…. You will ace it go for glory go for gold😇
> Special Thanks
The Lord Our God For HIS Countless Blessings.🙏
My family: You are the reason i’m working hard. 👨👩👧👦
My mentors especially DataBus, W0tw0t, L0qpa, SomeCanadian & TheCyberGeek :) 😎
The Tenikese Team: r3dh0nt3r, 0ver!d3-X, Ragnar & Cyber+ 😁
The Ghanaian community: Blay, Kalkulus, NiiHack, Nana K, Mr Prince, Mr Robert, Alaska, Pheonix, Virus404 …etc🔐