OSWE exam report — short story
I sat at my desk the night before the OSWE, the apartment silent except for the hum of my laptop and the soft tap of rain against the window. For months I'd built exploits and templates, learned how memory and web logic braided together, and practiced turning fragmented leads into full, reproducible chains. Still, the exam felt like a door I'd never opened.
Executive Summary
- Full source code analysis – references to specific files, functions, and lines.
- Chain of vulnerabilities – e.g., SQLi → file read → RCE.
- Exploit script (usually Python) – must work against the exam target.
- No screenshots for every step – code snippets and requests/responses are preferred.
- Professional tone – aimed at a developer or a fellow pentester.
1. Executive Summary (1 Page)
- Audience: Management / CISO.
- Content: High-level overview of what you tested (the two web applications), the severity of findings (e.g., "Achieved Remote Code Execution on both hosts"), and a one-paragraph risk assessment.
- Pro tip: Do not put technical details here. Save the IP addresses and line numbers for the technical section.
# Verify that the written shell actually executes commands by requesting `id` through it.
# Assumed context: this is a method of the exploit class, where self.target is the base URL
# of the exam host, admin_session is an authenticated requests.Session, and shell_path is
# the path of the file the earlier steps wrote. The original fragment was missing the
# f-string braces and indentation; both are fixed here.
def verify(self, admin_session, shell_path):
    verify_url = f"{self.target}/{shell_path}?cmd=id"
    r = admin_session.get(verify_url)
    if "uid=" in r.text:
        print("[+] Shell written successfully!")
        print(f"[+] Output: {r.text}")
        return True
    return False