eJPT -h [eJPT walkthrough]
The eJPT. A fun exam/course that gets your feet wet in the waters of penetration testing and gets your hands dirty in the realm of figuring stuff out when you have no clue why something isn’t working.
How did I pass? And what do I need to do to pass?
Well first lets start with some major bullet points:
- You will read or have read this over and over again: “Everything you need to pass the eJPT is in the course notes covered in the PTS learning path. – While this is true, we will go into this statement a little bit more.
- 72 hours to take the exam – which is PLENTY of time
- There is a free retake
- 20 multiple choice questions based on your findings (the answers are so close together so you need to know the answer to get it right)
Now lets get into it:
where to start?
While sites like HTB and Try Hack Me are fantastic learning resources, they are not the if all end all needed to study to pass this exam, The INE material, while a bit outdated (they use Kali 2017 in their examples) still contains all the information needed to develop a great methodology that will help you pass this exam. If you are looking for outside resources to help, I recommend to stop. Focus on the labs given in the course and do them over and over and over again until you crack that box without needing the walkthrough supplied. This will be much more helpful than struggling to root a box on Hack the Box.
So what do you need to do?
- Study the INE course matierial.
Everything you need to pass the eJPT is in the course notes covered in the PTS learning path
everyone who passed the eJPT
The above statement is thrown around by everyone who took and PASSED the eJPT. Whether you’re on reddit, quora or searching different blog postings on medium/wordpress/whatever you will see that statement pop up time and time again. So I am here to set the record straight,
It’s true BUT it’s only true after you pass.
And I say this because after you complete some of the hurdles that the exam throws at you, you see where in the course notes the answer was.
But before that it’s a struggle. INE does not give you the answer outright but rather gives you the baseline knowledge for you to figure it out.
Unfortunately for those struggling, this is part of the journey. If you really want a career as a pentester or just a cybersecurity professional, you need to be able to work through your frustrations, break down the issue step by step and figure it out.
so what should i review?
Methodology is paramount. Enumeration is everything.
Some of the tools used in the INE course were Nessus, nmap, fping, masscan. Know how to USE these tools and know how to READ the results. I can’t stress this enough. It’s one thing to type away an nmap scan with a few switches but knowing what the results are actually telling is a skill that only comes with practice.
nmap
- OS detections
- vulnerability scanning
- UDP scanning
- service scanning
nessus
- have this installed before the exam
- know how to conduct a PROPER scan
fping
- know the differences between this and nmap
- how to output errors
masscan
- know how to use this tool and read the outputs
After a successful enumeration, be sure to save all outputs so that they are readily averrable for you to pull up when you need to reference them. Due to the fact you will be focusing attention on different machines its important to take proper notes and keep track of the commands you used (both the ones that worked and didn’t)
web applications
From fingerprinting and banner grabbing to SQL injection, nothing is off limits on this exam. But thats okay because if you followed the first step and have a proper methodology, you will be ready to attack web apps like a pro (a junior pro that is).
I won’t go into further details about what you need to know but rather list the topics you should be familiar with.
- SQLi
- XSS
- Banner Grabbing
- Directory fuzzing
- Netcat
- Exploiting Misconfigured HTTP Verbs
what else?
Have a great understanding of the metasploit tool. It’s a powerful tool that eLearnSecurity allows you to use, so use it!
With that said, know what you are doing, know what type of payload to use and know what exploit to use.
Network Attacks such as exploiting null shares, using hydra, hashcat are going to be paramount in your studies so focus on them. Know the commands to use.
Familiarize yourself with ARP poisoning and how it works.
seems like i left stuff out…
Well I did. This is because there are so many great writeups on medium and reddit that cover the eJPT that just typing up another one would add to a pile of blog posts that talk about the same thing. The one thing that sets this article apart is below:
The eJPT is not an “easy” exam. However it is extremely passable because eLearn gives you the tools and the mindset to figure out the issues you will encounter on the exam.
There is a letter of engagement you MUST read after hitting the “Begin Certification” button, I read blog/forum posts about people missing this and it boggles my mind.
You’re going to have to do a few things that aren’t “penetration testing” related, so having a good foundational knowledge on networking is a huge plus. Judging from all the other posts and comments it seems peoples biggest issues is pivoting to the other networks. I listened to John Hammonds eJPT review where he talks about plink and I read all the other issues people were having regarding this., so if you get nothing from this post, at least take this:
You do not need plink or any other tool not discussed in PTS training course
Wireshark is all you need. Wireshark + good note taking where you keep a list of commands used rather.
I recommend watching videos on Wireshark and what the different color alerts mean and how to do basic things like following a TCP stream.
Again. Wireshark is ALL you need.
Watch some videos on networking before the exam from Professor Messer regarding routing and IPv4 topics. This will not only help you as you begin your career as a penetration tester but help in every facet of cybersecurity.
Best of luck to all taking the eJPT!
Feel free to reach out on twitter
@0xc0pper