OSCP Report Writing Reference
You have 24 hours after the exam to submit your report. No report = no pass even with 100 points.
Report Format Requirements
- PDF only — archived into a .7z file (no password, max 200MB)
- Naming:
OSCP-OS-XXXXX-Exam-Report.pdf(case-sensitive, XXXXX = your OS-ID) - Upload to: upload.offsec.com
- All scripts and PoC code must be embedded as text inside the PDF (not external files)
- Order of machines in report = order they are graded
Report Structure (follow this template)
1. Cover Page
- Your name, OS-ID, exam date
2. Executive Summary (1 paragraph)
- Brief overview: scope, time, methodology used
- High-level findings: how many machines compromised, overall security posture
3. Per-Machine Sections (repeat for each machine)
For each machine (3 standalones + AD set), document:
Machine: [IP Address]
OS: [Windows/Linux]
Service Enumeration:
- nmap results (screenshot + key findings)
Initial Access:
- Vulnerability identified
- Steps to exploit (numbered, with screenshots)
- PoC code/commands used
- Screenshot: proof of shell (whoami output)
Privilege Escalation:
- Vulnerability identified
- Steps to exploit (numbered, with screenshots)
- PoC code/commands used
- Screenshot: proof.txt with whoami + hostname + ip/ipconfig
Proof:
- local.txt: [flag value]
- proof.txt: [flag value]
4. AD Set Section
- Document the full attack chain across all 3 machines
- Show lateral movement between machines
- Include credential table showing how each credential was obtained and used
Proof Screenshot Requirements (CRITICAL)
All four outputs must be visible in ONE terminal screenshot:
# Linux
whoami && hostname && ip a && cat /root/proof.txt
# Windows
whoami && hostname && ipconfig && type C:\Users\Administrator\Desktop\proof.txt
Screenshot must show: flag content + whoami + hostname + network info — all in same window. Missing any element = 0 points for that machine.
Documentation-As-You-Go Workflow (Exam Day)
# Start terminal logging at exam begin
script -a ~/oscp/exam_log_$(date +%F).txt
# For EACH machine, before you start:
mkdir -p ~/oscp/machine_IP
echo "=== STARTING machine_IP $(date) ===" >> ~/oscp/notes.md
# Take screenshots of:
# 1. Every nmap scan result
# 2. Every vulnerability found
# 3. Every exploit command + output
# 4. Every shell obtained (whoami)
# 5. Every proof flag (the 4-in-1 screenshot)
# 6. Every credential found
Use Flameshot for screenshots: flameshot gui
Note-Taking Structure Per Machine
## Machine [IP]
### Enumeration
- Open ports: 22, 80, 445
- Web server: Apache 2.4.49 (vuln to CVE-2021-41773)
- SMB: anonymous access allowed
### Initial Access
- Vulnerability: CVE-2021-41773 Path Traversal RCE
- Command: curl 'http://IP/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' -d 'echo Content-Type: text/plain; echo; whoami'
- Got shell as: www-data
- Screenshot: [filename.png]
### Privilege Escalation
- Found SUID /usr/bin/find
- Command: find / -exec /bin/bash -p \; -quit
- Got shell as: root
- Screenshot: [filename.png]
### Proof
- local.txt: abc123def456
- proof.txt: 789ghi012jkl
### Credentials Found
- admin:password123 (from /var/www/config.php)
- Sprayed against: [list machines tested]
Common Report Mistakes (Instant Fail)
- Missing proof screenshot (must have whoami+hostname+ip+flag in ONE shot)
- Wrong naming convention for the PDF/7z file
- Submitting after 24-hour deadline
- Not enough detail to reproduce the attack
- Screenshots without context (no explanation of what the screenshot shows)
- Using a screenshot that shows multiple concepts — one concept per screenshot
- Not including failed attempts (shows methodology)
Report Writing Timeline (24 hours)
| Hour | Task |
|---|---|
| 0-1 | Organize screenshots and notes by machine |
| 1-2 | Write AD set section (most complex) |
| 2-3 | Write Standalone 1 section |
| 3-4 | Write Standalone 2 section |
| 4-5 | Write Standalone 3 section + Executive Summary |
| 5-6 | Review, proofread, export to PDF, create 7z, upload |
Tools
# OffSec report template
# Download from: https://www.offensive-security.com/pwk-online/OSCP-Exam-Report.docx
# Generate PDF from markdown (if using Obsidian/markdown)
pandoc report.md -o report.pdf --pdf-engine=xelatex
# Create 7z archive
7z a OSCP-OS-XXXXX-Exam-Report.7z OSCP-OS-XXXXX-Exam-Report.pdf
# Flameshot for screenshots
flameshot gui