For each machine, you must include:
"Seriously?"
Download the official "OSWE Exam Guide" from your OffSec portal. Read the "Reporting Requirements" section three times. Then build your template exactly to that spec. OffSec is pedantic—match their energy, and you will succeed.
: You must include screenshots showing the contents of local.txt and proof.txt on the target machines to receive credit.
If you used Burp Suite, include screenshots of the request/response that triggered the bug. 5. Final Checklist for Your Report Work
Do not write a sloppy script. OffSec examiners will run your script against their exam VM. If it fails due to a hardcoded IP or a missing dependency, they may mark that vulnerability as "Not Exploited."
: Do not wait until the final 24-hour window. Documenting while you work ensures you don't forget critical steps or lose required screenshots.
The OSWE requires you to submit a functional exploit script. Your "report work" should include a well-commented Python script that executes the full exploit chain from start to finish. Use the requests library.