OSCP Report Writing Reference

You have 24 hours after the exam to submit your report. No report = no pass even with 100 points.


Report Format Requirements

  • PDF only — archived into a .7z file (no password, max 200MB)
  • Naming: OSCP-OS-XXXXX-Exam-Report.pdf (case-sensitive, XXXXX = your OS-ID)
  • Upload to: upload.offsec.com
  • All scripts and PoC code must be embedded as text inside the PDF (not external files)
  • Order of machines in report = order they are graded

Report Structure (follow this template)

1. Cover Page

  • Your name, OS-ID, exam date

2. Executive Summary (1 paragraph)

  • Brief overview: scope, time, methodology used
  • High-level findings: how many machines compromised, overall security posture

3. Per-Machine Sections (repeat for each machine)

For each machine (3 standalones + AD set), document:

Machine: [IP Address]
OS: [Windows/Linux]
Service Enumeration:
  - nmap results (screenshot + key findings)
  
Initial Access:
  - Vulnerability identified
  - Steps to exploit (numbered, with screenshots)
  - PoC code/commands used
  - Screenshot: proof of shell (whoami output)
  
Privilege Escalation:
  - Vulnerability identified  
  - Steps to exploit (numbered, with screenshots)
  - PoC code/commands used
  - Screenshot: proof.txt with whoami + hostname + ip/ipconfig
  
Proof:
  - local.txt: [flag value]
  - proof.txt: [flag value]

4. AD Set Section

  • Document the full attack chain across all 3 machines
  • Show lateral movement between machines
  • Include credential table showing how each credential was obtained and used

Proof Screenshot Requirements (CRITICAL)

All four outputs must be visible in ONE terminal screenshot:

# Linux
whoami && hostname && ip a && cat /root/proof.txt

# Windows
whoami && hostname && ipconfig && type C:\Users\Administrator\Desktop\proof.txt

Screenshot must show: flag content + whoami + hostname + network info — all in same window. Missing any element = 0 points for that machine.


Documentation-As-You-Go Workflow (Exam Day)

# Start terminal logging at exam begin
script -a ~/oscp/exam_log_$(date +%F).txt

# For EACH machine, before you start:
mkdir -p ~/oscp/machine_IP
echo "=== STARTING machine_IP $(date) ===" >> ~/oscp/notes.md

# Take screenshots of:
# 1. Every nmap scan result
# 2. Every vulnerability found
# 3. Every exploit command + output
# 4. Every shell obtained (whoami)
# 5. Every proof flag (the 4-in-1 screenshot)
# 6. Every credential found

Use Flameshot for screenshots: flameshot gui


Note-Taking Structure Per Machine

## Machine [IP]

### Enumeration
- Open ports: 22, 80, 445
- Web server: Apache 2.4.49 (vuln to CVE-2021-41773)
- SMB: anonymous access allowed

### Initial Access
- Vulnerability: CVE-2021-41773 Path Traversal RCE
- Command: curl 'http://IP/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' -d 'echo Content-Type: text/plain; echo; whoami'
- Got shell as: www-data
- Screenshot: [filename.png]

### Privilege Escalation  
- Found SUID /usr/bin/find
- Command: find / -exec /bin/bash -p \; -quit
- Got shell as: root
- Screenshot: [filename.png]

### Proof
- local.txt: abc123def456
- proof.txt: 789ghi012jkl

### Credentials Found
- admin:password123 (from /var/www/config.php)
- Sprayed against: [list machines tested]

Common Report Mistakes (Instant Fail)

  • Missing proof screenshot (must have whoami+hostname+ip+flag in ONE shot)
  • Wrong naming convention for the PDF/7z file
  • Submitting after 24-hour deadline
  • Not enough detail to reproduce the attack
  • Screenshots without context (no explanation of what the screenshot shows)
  • Using a screenshot that shows multiple concepts — one concept per screenshot
  • Not including failed attempts (shows methodology)

Report Writing Timeline (24 hours)

HourTask
0-1Organize screenshots and notes by machine
1-2Write AD set section (most complex)
2-3Write Standalone 1 section
3-4Write Standalone 2 section
4-5Write Standalone 3 section + Executive Summary
5-6Review, proofread, export to PDF, create 7z, upload

Tools

# OffSec report template
# Download from: https://www.offensive-security.com/pwk-online/OSCP-Exam-Report.docx

# Generate PDF from markdown (if using Obsidian/markdown)
pandoc report.md -o report.pdf --pdf-engine=xelatex

# Create 7z archive
7z a OSCP-OS-XXXXX-Exam-Report.7z OSCP-OS-XXXXX-Exam-Report.pdf

# Flameshot for screenshots
flameshot gui