OSCP alike machines list accurate?

I just stumbled upon this thread and I want to leave my two cents. I passed the OSCP on my second attempt back in July 2019, having gotten all the flags except for root on a 25-point box. So I knew I had enough points even without any partial credit for having a low-priv user on that 25-point box. But just because you have enough points doesn’t mean it’s time to celebrate. Remember, the report is what you are graded on! It is meant to be a pen test report similar to a real-world engagement. My final report was 52 pages, but a lot of that was due to the screenshots.

Here is my advice:

  • Follow the format of the sample report: https://www.offensive-security.com/pwk-online/PWKv1-REPORT.doc
  • For each target add in a section called Information Gathering with a screenshot and single sentence description for that screenshot. Do this for information that was useful in helping you identify the existence of the vulnerability. Open ports, directories, nmap scans, etc.
  • Link to any proof of concept code that you used (GitHub, exploit-db).
  • Include the exploit code and highlight any changes you made to it.
  • Disclose and explain each vulnerability used to get a low-priv shell and to escalate to root/system.
  • Provide a recommendation to fix the vulnerability.
  • Provide a step-by-step guide to reproduce the exploit (low-priv and root/system). Include some screenshots.
  • Provide a proof screenshot for each flag. Make sure that screenshot has the username, hostname, IP address, and the flag.
  • Don’t delay writing the report! I thought it would take less time than it did. It took me 8 hours and I turned it in 5 minutes before it was due.