My eJPT Feedback

Certification EJPT @alrikrr

eJPT Experience


Hello there! Here is a small post about my eJPT feedback!

I passed my eJPT on the 27th of August and validated it after 3h. I didn't take the course, only a voucher.

To pass the exam, you may need to answer 15 questions correctly.

Exam Guide


The eJPT exam is well guided: you'll need to answer 20 multiple-choice questions before the 3-day due date that starts when you begin your exam.

The questions are not all technical; for example, you'll be asked to find the name of the CEO or the marketing guy on a website.

You'll receive a PDF guide, like your scope file for an internal pentest. You can destroy all the machines and then answer the quiz, or do everything step by step; it's up to you.

Technical prerequisites


I would recommend having the following skills before taking the exam; these are the ones I used during my exam:

- Good understanding of Linux and Windows machines
- Networking basics
- Routing and VLAN
- Wireshark usage
- Kali Linux basic tools
- nmap
- sqlmap
- crackmapexec
- metasploit (meterpreter/msfvenom)
- hydra (ssh,ftp,http)
- Password cracking (hashcat,john)
- A good enumeration methodology
- Web fuzzing (gobuster,wfuzz)
- nmap discovery (port, services, OS)
- Local enumeration (Windows or linux)
- Good understanding of the OWASP Top 10 and web exploits
- XSS
- SQL injection
- Taking notes of everything
- Learn the top known exploits and CVEs (EternalBlue for example)

Like I said, I didn't purchase the INE course with the voucher, for many reasons:
- First, it is very expensive
- Second, I had been training myself for a while on HackTheBox and TryHackMe, and I have worked on many projects since I'm a pentester in a small company.

Do not panic on this exam. If you know your shit, you'll pwn every machine in the network like I did; you have a lot of time to plan everything and take some rest.

My Exam


Well, to be honest, I spent too much time trying to set up my route to access other networks. To do so, you'll receive a PCAP file and you must find the hidden network by adding the gateway into your route on your Kali machine.

Here is an example:
`sudo ip route add 10.86.74.0/24 via 192.168.193.85`

Once you get all the routes (2 for me), you can start enumerating the network and the website in place.
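Added example (not from the original post): in a capture taken on the local subnet, a frame whose source IP lies outside that subnet was forwarded by a router, so the on-link IP sharing its source MAC is the gateway to route through. The script assumes a classic little-endian pcap with Ethernet framing and /24 remote networks; the capture bytes, MAC addresses and function names are constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

def frame(src_mac, src_ip, dst_ip):
    """Constructed Ethernet + IPv4 frame (headers only, no payload)."""
    src, dst = (ipaddress.ip_address(a).packed for a in (src_ip, dst_ip))
    eth = bytes(6) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0, src, dst)

def build_pcap(frames):
    """Classic little-endian pcap: global header, then one record per frame."""
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def source_pairs(pcap):
    """Yield (source MAC, source IPv4) for each IPv4-over-Ethernet record."""
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length
        pkt = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(pkt) >= 34 and pkt[12:14] == b"\x08\x00":
            yield pkt[6:12].hex(":"), ipaddress.ip_address(pkt[26:30])

def find_routes(pcap, local_net, prefix=24):
    """Map each off-link network (prefix length assumed) to the on-link IP sharing its MAC."""
    local = ipaddress.ip_network(local_net)
    by_mac = defaultdict(set)
    for mac, ip in source_pairs(pcap):
        by_mac[mac].add(ip)
    routes = {}
    for ips in by_mac.values():
        gateways = sorted(ip for ip in ips if ip in local)
        for ip in ips:
            if ip not in local and gateways:
                net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
                routes[str(net)] = str(gateways[0])
    return routes

# Constructed capture: addresses reuse the post's example route, MACs are made up.
SAMPLE = build_pcap([
    frame("02:00:00:00:00:85", "192.168.193.85", "192.168.193.10"),  # router itself
    frame("02:00:00:00:00:85", "10.86.74.12", "192.168.193.10"),     # forwarded packet
    frame("02:00:00:00:00:20", "192.168.193.20", "192.168.193.10"),  # ordinary host
])

if __name__ == "__main__":
    for net, gw in find_routes(SAMPLE, "192.168.193.0/24").items():
        print(f"sudo ip route add {net} via {gw}")
```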

For me there were 2 Windows machines vulnerable to EternalBlue; I managed to get 2 easy shells and then grab all the users and passwords I needed to answer the questions.
`use exploit/windows/smb/ms17_010_psexec`

For the website it was very easy: no CVEs, only basic exploits such as XSS and SQL injection. If you know how to use sqlmap, you won't have any issue grabbing all the passwords and usernames.
`sqlmap -u http://10.10.11.12/page.php\?id\=1 --dbs`

Some questions were not very clear, but I managed to answer more than 15 questions right, so I passed!

Do not hesitate to ask me anything; I'd love to help you on your eJPT journey!

This article was updated on 15 August 2023

AlrikRr

Formerly a firefighter in France 🇫🇷 🚒, I decided to pursue my passion for IT and especially offensive cybersecurity. Now a Pentester in Montreal 🇨🇦 for almost 3 years and an active member of HackersWithoutBorders North America, I am gradually specializing in internal and network intrusion testing.

Sharing our passion for this field, whether for awareness or education, is an important mission for me!

Feel free to contact me to discuss cyber or anything else over a beer :D 🍻