Skip to content

Latest commit

 

History

History
324 lines (191 loc) · 9.68 KB

OSED-exam-report-template_epi_v1.md

File metadata and controls

324 lines (191 loc) · 9.68 KB
title author date subject keywords subtitle lang titlepage titlepage-color titlepage-text-color titlepage-rule-color titlepage-rule-height book classoption code-block-font-size
Offensive Security Exploit Developer Exam Report
OSID: XXXX
2021-03-25
Markdown
reversing
exploit-dev
shellcode
OSED Exam Report
en
true
1E90FF
FFFAFA
FFFAFA
2
true
oneside
\scriptsize

Offensive Security OSED Exam Report

Introduction

The Offensive Security OSED exam documentation contains all efforts that were conducted in order to pass the Offensive Security Exploit Developer exam. This report will be graded from a standpoint of correctness and fullness to all aspects of the exam. The purpose of this report is to ensure that the student has the technical knowledge required to pass the qualifications for the Offensive Security Exploit Developer certification.

Objective

The objective of this exam is to solve three given assignments as described in the control panel. The student is tasked with following a methodical approach in analyzing and solving the assignments. The exam report is meant to be a writeup of the steps taken to solve the assignment, including any analysis performed and code written.

An example page has already been created for you at the latter portions of this document that should give you ample information on what is expected to pass this exam. Use the sample report as a guideline to get you through the reporting, while removing any headlines that are note relevant to a specific assignment.

Requirements

The student will be required to fill out this exam documentation fully and to include the following sections:

  • High-Level summary of assignment solutions.
  • Methodology walkthrough and detailed outline of steps taken through analysis and all written code.
  • Each finding with included screenshots, walkthrough, sample code or reference.
  • Screenshot of proof.txt.

High-Level Summary

A brief description of the assignments that were solved, including the overall exploitation steps.

IP (Hostname) Vulnerable Service/App Proof.txt Contents
Assignment X 192.168.xx.xx app_name xxx
Assignment Y 192.168.yy.yy app_name yyy
Assignment Z 192.168.zz.zz app_name zzz

Assignment X

Proof.txt

  • proof.txt: xxx

Provide a screenshot of running type proof.txt and the ipconfig command from the directory where proof.txt is stored.

local.txt

Initial Analysis

Provide relevant techniques and methods used to perform enumeration of the application, including network ports, security mitigations etc. The steps taken should be reproducible and easy to understand. Include any custom code or references to public tools.

Listening Ports:

  • 192.168.xx.xx:yyyy
  • 127.0.0.1:zzzz
  • 0.0.0.0:zzzz

Security Mitigations:

  • xxx.dll: ASLR, DEP, SafeSEH
  • yyy.dll: ASLR, DEP, SafeSEH
  • zzz.dll: ASLR, DEP, SafeSEH

References:

Application Analysis

Provide a description of the analysis performed against the application, this includes both dynamic and static analysis.

The analysis should include any reverse engineering performed to understand network protocols or file formats as well as how the application may be triggered to dispatch available commands.

Static Analysis

  • static analysis

Dynamic Analysis

  • dynamic analysis

Vulnerability Discovery

Provide relevant analysis steps to locate vulnerabilities inside the application, this includes both results from static analysis and dynamic analysis.

As part of the documentation, proof of concept Python3 code must be created and explained that triggers the vulnerabilities.

Only the steps that ended up working are required.

Analysis

  • vuln discovery analysis

Initial PoC

To install the dependencies required for PoC execution:

package_manager install dependency1 dependency2

Provide the proof of concept code used to trigger the vulnerability.

#!/usr/bin/env python3

print('[+] Triggering vulnerability')

Exploit Creation

Provide a description of steps to create the exploit, this includes how to combine vulnerabilities, how to bypass DEP and how to write any custom shellcode. At the end of this section the full exploit code should be developed while an explanation of each step should be performed.

Steps to Create the Exploit:

  1. step one
  2. step two

Full PoC

Provide the proof of concept code used to gain access to the server.

#!/usr/bin/env python3

print('[+] Exploit sent, awaiting shell')

Assignment Y

Proof.txt

  • proof.txt: xxx

Provide a screenshot of running type proof.txt and the ipconfig command from the directory where proof.txt is stored.

local.txt

Initial Analysis

Provide relevant techniques and methods used to perform enumeration of the application, including network ports, security mitigations etc. The steps taken should be reproducible and easy to understand. Include any custom code or references to public tools.

Listening Ports:

  • 192.168.xx.xx:yyyy
  • 127.0.0.1:zzzz
  • 0.0.0.0:zzzz

Security Mitigations:

  • xxx.dll: ASLR, DEP, SafeSEH
  • yyy.dll: ASLR, DEP, SafeSEH
  • zzz.dll: ASLR, DEP, SafeSEH

References:

Application Analysis

Provide a description of the analysis performed against the application, this includes both dynamic and static analysis.

The analysis should include any reverse engineering performed to understand network protocols or file formats as well as how the application may be triggered to dispatch available commands.

Static Analysis

  • static analysis

Dynamic Analysis

  • dynamic analysis

Vulnerability Discovery

Provide relevant analysis steps to locate vulnerabilities inside the application, this includes both results from static analysis and dynamic analysis.

As part of the documentation, proof of concept Python3 code must be created and explained that triggers the vulnerabilities.

Only the steps that ended up working are required.

Analysis

  • vuln discovery analysis

Initial PoC

To install the dependencies required for PoC execution:

package_manager install dependency1 dependency2

Provide the proof of concept code used to trigger the vulnerability.

#!/usr/bin/env python3

print('[+] Triggering vulnerability')

Exploit Creation

Provide a description of steps to create the exploit, this includes how to combine vulnerabilities, how to bypass DEP and how to write any custom shellcode. At the end of this section the full exploit code should be developed while an explanation of each step should be performed.

Steps to Create the Exploit:

  1. step one
  2. step two

Full PoC

Provide the proof of concept code used to gain access to the server.

#!/usr/bin/env python3

print('[+] Exploit sent, awaiting shell')

Assignment Z

Proof.txt

  • proof.txt: xxx

Provide a screenshot of running type proof.txt and the ipconfig command from the directory where proof.txt is stored.

local.txt

Initial Analysis

Provide relevant techniques and methods used to perform enumeration of the application, including network ports, security mitigations etc. The steps taken should be reproducible and easy to understand. Include any custom code or references to public tools.

Listening Ports:

  • 192.168.xx.xx:yyyy
  • 127.0.0.1:zzzz
  • 0.0.0.0:zzzz

Security Mitigations:

  • xxx.dll: ASLR, DEP, SafeSEH
  • yyy.dll: ASLR, DEP, SafeSEH
  • zzz.dll: ASLR, DEP, SafeSEH

References:

Application Analysis

Provide a description of the analysis performed against the application, this includes both dynamic and static analysis.

The analysis should include any reverse engineering performed to understand network protocols or file formats as well as how the application may be triggered to dispatch available commands.

Static Analysis

  • static analysis

Dynamic Analysis

  • dynamic analysis

Vulnerability Discovery

Provide relevant analysis steps to locate vulnerabilities inside the application, this includes both results from static analysis and dynamic analysis.

As part of the documentation, proof of concept Python3 code must be created and explained that triggers the vulnerabilities.

Only the steps that ended up working are required.

Analysis

  • vuln discovery analysis

Initial PoC

To install the dependencies required for PoC execution:

package_manager install dependency1 dependency2

Provide the proof of concept code used to trigger the vulnerability.

#!/usr/bin/env python3

print('[+] Triggering vulnerability')

Exploit Creation

Provide a description of steps to create the exploit, this includes how to combine vulnerabilities, how to bypass DEP and how to write any custom shellcode. At the end of this section the full exploit code should be developed while an explanation of each step should be performed.

Steps to Create the Exploit:

  1. step one
  2. step two

Full PoC

Provide the proof of concept code used to gain access to the server.

#!/usr/bin/env python3

print('[+] Exploit sent, awaiting shell')

Additional Items Not Mentioned in the Report

This section is placed for any additional items that were not mentioned in the overall report.