How I passed the eJPT

How I passed the eJPT¶

Having recently completed the eLearnSecurity Junior Penetration Tester (eJPT)
certification, I decided to write this post with some useful commands/techniques that could help some of you to prepare/pass the exam, but first, let’s write down a little review of the certification.

Course Review¶

Due to my background, I just took a quick look at the material, but I skipped a lot. I saw too many presentations/powerpoints/slides/whatever, so I went quickly through all of them, and I jumped to the black box labs.

The material provided by INE is superb (and free). I skipped some parts, but this depends on your previous experience. If you are a junior, then I don’t recommend following my path.

I went through all the 3 black box labs, and they are IMO harder than the exam (at least in my case). The exam’s funny! There are 20 questions to answer, and 15 correct answers are required to pass. I started the exam at 22:00, I read all the questions first, and then I started to answer the questions while I found the correct answers in the exam lab. I finished at 02:00.

eJPT has been my first infosec certification, and it seemed to me “easy” (compared to HackTheBox boxes easy/medium level for example) but realistic scenario, so I enjoyed that! I don’t have any other certification to compare though, please don’t get me wrong.

Do I recommend the certification? Yes, for sure! :) Buy your voucher and enjoy it!

Commands/techniques Summary¶

Routing¶

ip route add ROUTETO via ROUTEFROM

Enumeration¶

Ping sweep¶

fping -a -g 10.10.10.0/24 2>/dev/null
nmap -sn 10.10.10.0/24 -oN hosts

Scans¶

Full¶

cat hosts | grep for | awk {'print $5'} > ips
nmap -sC -sV -n -p- -T5 -iL ips --open -oN portScan

UDP “Quick”¶

nmap -sU -sV 10.10.10.10

Network Attacks¶

Brute forcing with Hydra¶

hydra -L users -P passwords 10.10.10.10 ftp

Windows Shares Using Null sessions¶

enum4linux -a 10.10.10.10
smbclient \\\\10.10.10.10\\share -N

Exploit¶

searchsploit xxxxx

You can use here Metasploit if you like.

System Attacks¶

unshadow passwd shadow > hashes
john --wordlist=/path/wordlist hashes

Web Applications¶

Directory and file scanning¶

wfuzz -c --hc=404 -t 200 -w /usr/share/dirbuster/directory-list-2.3-medium.txt http://10.10.10.10/FUZZ

SQLMap¶

sqlmap -u 'http://10.10.10.10/xxxx.php?xx=x' --dbs
sqlmap -u 'http://10.10.10.10/xxxx.php?xx=x' -D database --tables
sqlmap -u 'http://10.10.10.10/xxxx.php?xx=x' -T table --dump

Conclusion¶

I enjoyed a lot, and as I already said, I think it’s a good starting point. If you decide to buy the voucher, good luck!

Cheers!

Links of interest¶

How I passed the eCPPTv2

Last update : August 13, 2023
Created : Aug 7, 2021