OffSec enforces strict documentation standards. Failure to meet these can result in zero points, even if you successfully compromised the targets. Step-by-Step Reproducibility
: Include clear screenshots of every major step. Ensure they show the URL, the payload, and the successful result (like a reverse shell or a flag). oswe exam report work
Full remote code execution as www-data . From here, read /root/flag.txt . OffSec enforces strict documentation standards
Unlike the OSCP, where a simple screenshot and a paragraph might suffice, the OSWE demands a fully validated, step-by-step exploitation chain. The exam is 48 hours long, but a shocking number of students fail not because they cannot hack the box, but because their Ensure they show the URL, the payload, and
You have 24 hours after the exam ends to submit. Use the first 4 hours for a "sanity check" of your screenshots.
modules/api/AuthController.php:112-119 Severity: Critical