You have all proofs but screenshots are blurry/cropped. What’s the risk?
Evidence may be rejected; recapture clear screenshots showing commands + proof content.
You forgot to include the exact exploit command flags used. How fix?
Re-run safely to capture exact command/output and update notes before writing report.
Your report includes massive raw outputs. What’s better?
Include key outputs that prove steps worked, and summarize the rest.
You used multiple pivots but didn’t explain routing. How should you document it?
Add a short network diagram/table and list tunnel commands and which targets were reached.
You captured proof.txt but not local.txt (or vice versa). What happens?
You may lose points because objectives often require specific proof files; capture required proofs per target.
You mixed steps from two machines in one section. Why is this bad?
It breaks replication and grading order; separate per target with clear transitions.
You pasted unmodified exploit code pages into PDF. What’s the correction?
Replace with exploit URL and keep only modified code sections (with explanations).
Your screenshots show proof but not the command that printed it. Is that enough?
Often not; capture cat/type output in the screenshot to show interactive shell proof.
You used a web shell to read proof quickly. What’s the scoring issue?
Proof must be obtained and displayed via interactive shell; web shells can be zero points.
You ended the exam and started writing report hours later with missing notes. What’s the lesson?
Write notes continuously; capture outputs/screenshots immediately while context is fresh.
Your report is not in PDF. What happens?
Submission may be rejected or considered non-compliant; convert to PDF as required.
You documented attacks but not how you confirmed admin/root. What should be included?
Commands showing privilege context (whoami/id) and proof evidence for each target.
