How I passed the eJPT

07/08/2021 - Estimated reading time: 2 minutes — certs

Having recently completed the eLearnSecurity Junior Penetration Tester (eJPT) certification, I decided to write this post with some useful commands/techniques that could help some of you to prepare/pass the exam, but first, let’s write down a little review of the certification.

Course Review

Due to my background, I just took a quick look at the material, but I skipped a lot. I saw too many presentations/powerpoints/slides/whatever, so I went quickly through all of them, and I jumped to the black box labs.

The material provided by INE is superb (and free). I skipped some parts, but this depends on your previous experience. If you are a junior, then I don’t recommend following my path.

I went through all the 3 black box labs, and they are IMO harder than the exam (at least in my case). The exam’s funny! There are 20 questions to answer, and 15 correct answers are required to pass. I started the exam at 22:00, I read all the questions first, and then I started to answer the questions while I found the correct answers in the exam lab. I finished at 02:00.

eJPT has been my first infosec certification, and it seemed to me “easy” (compared to HackTheBox boxes easy/medium level for example) but realistic scenario, so I enjoyed that! I don’t have any other certification to compare though, please don’t get me wrong.

Do I recommend the certification? Yes, for sure! :) Buy your voucher and enjoy it!

Commands/techniques Summary

Routing

ip route add ROUTETO via ROUTEFROM

Enumeration

Ping sweep

fping -a -g 10.10.10.0/24 2>/dev/null
nmap -sn 10.10.10.0/24 -oN hosts

Scans

Full

cat hosts | grep for | awk {'print $5'} > ips
nmap -sC -sV -n -p- -T5 -iL ips --open -oN portScan

UDP “Quick”

nmap -sU -sV 10.10.10.10

Network Attacks

Brute forcing with Hydra

hydra -L users -P passwords 10.10.10.10 ftp

Windows Shares Using Null sessions

enum4linux -a 10.10.10.10
smbclient \\\\10.10.10.10\\share -N

Exploit

searchsploit xxxxx

You can use here Metasploit if you like.

System Attacks

unshadow passwd shadow > hashes
john --wordlist=/path/wordlist hashes

Web Applications

Directory and file scanning

wfuzz -c --hc=404 -t 200 -w /usr/share/dirbuster/directory-list-2.3-medium.txt http://10.10.10.10/FUZZ

SQLMap

sqlmap -u 'http://10.10.10.10/xxxx.php?xx=x' --dbs
sqlmap -u 'http://10.10.10.10/xxxx.php?xx=x' -D database --tables
sqlmap -u 'http://10.10.10.10/xxxx.php?xx=x' -T table --dump

Conclusion

I enjoyed a lot, and as I already said, I think it’s a good starting point. If you decide to buy the voucher, good luck!

Cheers!

Links of interest

How I passed the eCPPTv2