:orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
This project is maintained by noraj
The Offensive Security OSED exam documentation contains all efforts that were conducted in order to pass the Offensive Security Exploit Developer exam. This report will be graded from a standpoint of correctness and fullness to all aspects of the exam. The purpose of this report is to ensure that the student has the technical knowledge required to pass the qualifications for the Offensive Security Exploit Developer certification.
The objective of this exam is to solve three given assignments as described in the control panel. The student is tasked with following a methodical approach in analyzing and solving the assignments. The exam report is meant to be a writeup of the steps taken to solve the assignment, including any analysis performed and code written.
An example page has already been created for you at the latter portions of this document that should give you ample information on what is expected to pass this exam. Use the sample report as a guideline to get you through the reporting, while removing any headlines that are note relevant to a specific assignment.
The student will be required to fill out this exam documentation fully and to include the following sections:
A brief description of the assignments that were solved, including the overall exploitation steps.
IP (Hostname) | Vulnerable Service/App | Proof.txt Contents | |
---|---|---|---|
Assignment X | 192.168.xx.xx | app_name | xxx |
Assignment Y | 192.168.yy.yy | app_name | yyy |
Assignment Z | 192.168.zz.zz | app_name | zzz |
xxx
Provide a screenshot of running type proof.txt
and the ipconfig
command from the directory where proof.txt is stored.
Provide relevant techniques and methods used to perform enumeration of the application, including network ports, security mitigations etc. The steps taken should be reproducible and easy to understand. Include any custom code or references to public tools.
Listening Ports:
192.168.xx.xx:yyyy
127.0.0.1:zzzz
0.0.0.0:zzzz
Security Mitigations:
xxx.dll
: ASLR, DEP, SafeSEHyyy.dll
: ASLR, DEP, SafeSEHzzz.dll
: ASLR, DEP, SafeSEHReferences:
Provide a description of the analysis performed against the application, this includes both dynamic and static analysis.
The analysis should include any reverse engineering performed to understand network protocols or file formats as well as how the application may be triggered to dispatch available commands.
Provide relevant analysis steps to locate vulnerabilities inside the application, this includes both results from static analysis and dynamic analysis.
As part of the documentation, proof of concept Python3 code must be created and explained that triggers the vulnerabilities.
Only the steps that ended up working are required.
To install the dependencies required for PoC execution:
package_manager install dependency1 dependency2
Provide the proof of concept code used to trigger the vulnerability.
#!/usr/bin/env python3
print('[+] Triggering vulnerability')
Provide a description of steps to create the exploit, this includes how to combine vulnerabilities, how to bypass DEP and how to write any custom shellcode. At the end of this section the full exploit code should be developed while an explanation of each step should be performed.
Steps to Create the Exploit:
Provide the proof of concept code used to gain access to the server.
#!/usr/bin/env python3
print('[+] Exploit sent, awaiting shell')
xxx
Provide a screenshot of running type proof.txt
and the ipconfig
command from the directory where proof.txt is stored.
Provide relevant techniques and methods used to perform enumeration of the application, including network ports, security mitigations etc. The steps taken should be reproducible and easy to understand. Include any custom code or references to public tools.
Listening Ports:
192.168.xx.xx:yyyy
127.0.0.1:zzzz
0.0.0.0:zzzz
Security Mitigations:
xxx.dll
: ASLR, DEP, SafeSEHyyy.dll
: ASLR, DEP, SafeSEHzzz.dll
: ASLR, DEP, SafeSEHReferences:
Provide a description of the analysis performed against the application, this includes both dynamic and static analysis.
The analysis should include any reverse engineering performed to understand network protocols or file formats as well as how the application may be triggered to dispatch available commands.
Provide relevant analysis steps to locate vulnerabilities inside the application, this includes both results from static analysis and dynamic analysis.
As part of the documentation, proof of concept Python3 code must be created and explained that triggers the vulnerabilities.
Only the steps that ended up working are required.
To install the dependencies required for PoC execution:
package_manager install dependency1 dependency2
Provide the proof of concept code used to trigger the vulnerability.
#!/usr/bin/env python3
print('[+] Triggering vulnerability')
Provide a description of steps to create the exploit, this includes how to combine vulnerabilities, how to bypass DEP and how to write any custom shellcode. At the end of this section the full exploit code should be developed while an explanation of each step should be performed.
Steps to Create the Exploit:
Provide the proof of concept code used to gain access to the server.
#!/usr/bin/env python3
print('[+] Exploit sent, awaiting shell')
xxx
Provide a screenshot of running type proof.txt
and the ipconfig
command from the directory where proof.txt is stored.
Provide relevant techniques and methods used to perform enumeration of the application, including network ports, security mitigations etc. The steps taken should be reproducible and easy to understand. Include any custom code or references to public tools.
Listening Ports:
192.168.xx.xx:yyyy
127.0.0.1:zzzz
0.0.0.0:zzzz
Security Mitigations:
xxx.dll
: ASLR, DEP, SafeSEHyyy.dll
: ASLR, DEP, SafeSEHzzz.dll
: ASLR, DEP, SafeSEHReferences:
Provide a description of the analysis performed against the application, this includes both dynamic and static analysis.
The analysis should include any reverse engineering performed to understand network protocols or file formats as well as how the application may be triggered to dispatch available commands.
Provide relevant analysis steps to locate vulnerabilities inside the application, this includes both results from static analysis and dynamic analysis.
As part of the documentation, proof of concept Python3 code must be created and explained that triggers the vulnerabilities.
Only the steps that ended up working are required.
To install the dependencies required for PoC execution:
package_manager install dependency1 dependency2
Provide the proof of concept code used to trigger the vulnerability.
#!/usr/bin/env python3
print('[+] Triggering vulnerability')
Provide a description of steps to create the exploit, this includes how to combine vulnerabilities, how to bypass DEP and how to write any custom shellcode. At the end of this section the full exploit code should be developed while an explanation of each step should be performed.
Steps to Create the Exploit:
Provide the proof of concept code used to gain access to the server.
#!/usr/bin/env python3
print('[+] Exploit sent, awaiting shell')
This section is placed for any additional items that were not mentioned in the overall report.