My Journey for eJPT-eLearnSecurity

Hi, I am Astik Rawat, and yesterday I gave my eJPT Practical Exam from eLearnSecurity. I managed to finish the exam in 8 hours out of 72 hours(3 days) provided by the eLearnSecurity. I want to keep this blog sweet and simple so first I will give some background about myself, then where I prepared for the coursework, Exam day, and some tips and tools that could really help you get through the exam easily.

Background

I have completed EC-Council CEH and CEH Practical(6-hour hands-on) Exam. And I have participated in few CTF Events and I have been practicing TryHackMe Rooms on an almost daily basis for a couple of months. So, you know eJPT wasn't my first time sitting for a practical exam or doing penetration testing.

Getting Started

A couple of months ago, eLearnSecurity was in an acquisition by INE. So now anyone can go and SignUp at INE and get their Free CyberSecurity Starter Pass which will allow them to get access to Penetration Testing Student(PTS) Coursework, which is same used by the eLearnSecurity itself some time ago. I personally used the PTS Course from INE and It provided us with around 38 Hours of Coursework i.e. Slides, Videos, and Labs. YES! You heard me right they will give you free LABS that you can access by the OpenVPN and you can practice everything for free. I will surely recommend you to go and signup today and start your eJPT journey.

There are 3 Main Modules in the coursework -

1. Penetration Testing Prerequisites
2. Penetration Testing: Preliminary Skills & Programming
3. Penetration Testing Basics

It took me 3–4 days to prepare the whole course and I paid around 7–8 hours every day but I knew a few tools and terms so it was easy for me to understand but I still watched and read everything from INE. You don't need to rush in soo much, just take your time. It’s really important to understand the concepts them move on to other slides or labs.

Note: I know I will get a lot of questions regarding if we need to do programming to pass this exam. Don’t worry, you don't need to program to pass this exam. But I would definitely recommend you to understand the basic scripting concepts so it can be helpful for you in your long journey in Penetration Testing or OSCP.

Exam Day

On Exam day, I woke up early and made myself a coffee so I can get started with the exam. One thing I liked about eLearnSecurity is you don't need to schedule your exam date and time like other InfoSec Exams. Instead, you just need to click on ‘Begin the Certification’. You will get a Letter of engagement, go read it through to understand what you need to do to be successful in eJPT. I didn’t read much through and It backed fired me after 4hr, so I came back to read it again.

The exam is 20 Multiple Choice Questions, in order to pass you need to answer 15 correctly. Also, if you don’t do the testing on the machine it will be impossible for you to answer as you won't understand it much.

Some tools that I think you should definitely focus and understand them before exam are:

• ip route add <route_to> via <route_from> dev <vpn_interface>
• nmap -sn <subnet_IP_Addr>/24
• nmap -sV -sC -Pn -p- -A <Alive_IP_Addr>
• nmblookup -A <IP_Addr>
• smbclient -L //<IP_Addr> -N
• enum4linux -a <IP_Addr>
• sqlmap -u http://<IP_Addr> -p parameter
• sqlmap -u http://<IP_Addr> — tables
• sqlmap -u http://<IP_Addr> -D <database_name> -T <table_name> — dump
• hydra -L users.txt -P pass.txt <IP_Addr> <ftp/ssh>
• john — wordlist=pass.txt — users=users.txt hashfile

Metasploit

1. search <exploit>
2. use <exploit>
3. show options
4. set LHOST/RHOST<IP_Addr>
5. set LPORT/RPORT<Port>
6. set payload <paylaod>
7. run
8. exit
9. back

Meterpreter

1. background
2. sessions -l
3. sessions -i 1
4. sysinfo, ifconfig, route, getuid
5. getsystem (privesc)
6. download <file> /root/
7. upload <file> C:\\Windows
8. shell
9. use post/windows/gather/hashdump

Recommendations

That’s all but I can't stop telling you how important it is to practice your skill in labs or some virtual machine. So remember to do complete and deeply understand the labs INE provided including the three Black Box Pen testing Labs. They will teach you and give you the understand when you don't know the target IP and you need to start by scanning the network and start your enumeration on the alive host.

Thank you

Anyway, I hope I have helped you with this blog, and I wish you Good luck with your eJPT Journey. If you any other questions feel free to connect with me on LinkedIn and drop me a text. I will try my best to help you with your query for sure. My next milestone is definitely OSCP, so I hope I will be back with its review as well as a guide that I personally followed. I hope you have an amazing day ahead. Cheers everyone!

Connect with me on LinkedIn: https://www.linkedin.com/in/astikrawat/