HackTheBox CPTS Exam Report Writing using Sysreptor (Detailed Guide)
A step‑by‑step, detailed guide for writing professional CPTS exam reports using Sysreptor. Covers structuring findings, evidence collection, reproducible walkthroughs, templated sections (exec summary, findings, remediation), and example exports — ideal for pentesters preparing formal exam submissions.
The exam report writing approach shared on this blog reflects the strategy I personally used to pass the
CPTSexam on my first attempt. While this method worked for me, exam requirements and guidelines may change over time. Always refer to the latest official course materials and updates from the certifying body to ensure your preparation aligns with current standards.
In this blog, I’ll walk you through the exact steps I used to write a clear, professional, and effective report for the Hack The Box CPTS exam. To keep things practical and easy to follow, I’ll use a simple attack scenario as an example, and based on that attack path, I’ll show you how to structure, document, and format your CPTS exam report from start to finish.
As a practice you are suggested to doAttacking Enterprise Network module blind and prepare Report for it.
Sample Attack Path
Here’s the attack path we’ll be using throughout this report—it’s a simplified version of the Hack The Box Dog machine:
- During initial reconnaissance, an exposed
.gitdirectory was discovered on the target web server. - The
.gitrepository was downloaded and analyzed, revealing valid user credentials hardcoded in the source code. - These credentials were used to authenticate to the web application, which was running a vulnerable version of
Backdrop CMS. - A known
remote code execution(RCE) vulnerability inBackdrop CMSwas exploited to gain an initial foothold on the system. - Further enumeration showed that the compromised user’s
password was reusedby another local user, enabling lateral movement. - Finally, a misconfigured
sudo binary—allowing privilege escalationwithout a password—was leveraged to obtain root access.
Checkout markdownguide.com for simple markdown cheat sheet.
Getting Started with Sysreptor
Head over to https://htb.sysreptor.com/htb/signup, create an account and login.
After logging in, you will see options to create report for various hackthebox’s exams. Todays focus is CPTS Exam Report.
There are mainly 8 Sections we need to work with. Lets understand each of them one by one.
1. Meta
This section is straight forward, we fill details about us and customer. Customer’s detail will be provided on the exam.
TODO highlight the section we need to fill in.
After filling the detail, you can click on Publish button to view what the final version will look like.
Publish will reflect all the changes made.
2. Document Control
In this section, we provide the customer contacts detail as provided in the exam.
3. Executive Summary
The Executive Summary is your chance to speak directly to decision-makers, executives, auditors, and budget holders who may have little to no technical background. It should clearly convey the impact of your findings in business terms, not technical jargon. Avoid acronyms, obscure terms, and vague language like “OSINT” or “deserialization”; instead, use concrete numbers and relatable examples (e.g., “gained access to HR and financial systems” rather than “achieved Domain Admin”). Remember: if your non-technical audience can’t grasp the urgency and implications within minutes, the rest of your report may never get the attention it deserves.
Scope
In the scope section we just fill the scope details provided during the exam.
Assessment Overview and Recommendations
In this section, write an overview of what you found and some recommendations.
4. Network Penetration Test Assessment Summary
Not much to worry in this section. Data here will be automatically filled.
5. Internal Network Compromise Walkthrough
This is the important section. Everything what we did will be written here.
Walkthrough Summary
Just fill the domain name.
Detailed Walkthrough
This section has mainly 2 sections.
High level stepsto fully compromisexdomain.- Then,
Detailed Reproduction Stepsof above attack chain including commands, images and other necessary things which is need to replicate the attack path. If there exist multiple domain, then we repeat this step for both domains.
To view full steps; download the sample report here.
6. Remediation Summary
This section is easy, use chatgpt to generate remediation summary for various finding.
7. Appendix
This section is also straight forward, fill data as per you findings.
8. Findings
Following the Executive Summary, the Findings section is a critical part of the report. It provides an opportunity to showcase the work performed, illustrate the potential risks to the client’s environment, furnish technical teams with the evidence needed to validate and reproduce issues, and offer actionable remediation guidance.
Use CVSS Calculator and CWE if needed.
Final Touch-up and Export
Once you are done, go to publish section. If you see any warnings click it, identify it and then fix it.
Once all warnings are fixed, you can just click on Download and get pdf version of the report.
Download the PDF
Have questions, feedback, or want to collaborate? Reach out on one of the platforms below — I’m happy to connect.
| Platform | Link |
|---|---|
| GitHub | github.com/dollarboysushil |
| linkedin.com/in/dollarboysushil | |
| twitter.com/dollarboysushil | |
| Medium | medium.com/@dollarboysushil |
| YouTube | youtube.com/@dbs-sec |
| Discord | discord.gg/5jpkdeV |