eJPT Experience [sys41x4]
Hello, friend
I am Arijit Bhowmick aka sys41x4
I have just passed my eJPT Exam with 95% marks on 18.10.2021 around 7:20 am [IST] and I do hope that my experience during the exam would help you out.
Verify my Certificate at ==> https://verified.elearnsecurity.com/certificates/7b12c81c-19ce-4c0c-ac74-38785ecf507cYeah, So I have purchased the voucher on 15.10.2021
While I have faced an issue, that my voucher has not been added in my exam section after the purchase.
So you might be thinking where should the exam voucher would be shown
After creating an account in https://members.elearnsecurity.com
you will have a section in the left nav-bar.
There you will see the Exam section.
Click on it.
If the voucher has been added then it will be shown in the Exam Section
If it is not added then you can write an email about your issue to support@elearnsecurity.com and they will reply within 1-2 business days.
The support message may look like this or so.
You can also search your queries in their Community Forums
INE Community Forum
eLearnSecurity Community Forum
You can also join their Unofficial Discord Server at https://discord.gg/XPVwUX6uxR for any help/discussion if you want.
Prepared Notes For Exam
https://sys41x4.notion.site/eJPT-Preparation-Notes-sys41x4-02fb94dd91364642b6622f0843b73879
Exam Situation
After Getting the voucher in my account
I have started my exam on 7:43 am Sunday 17.10.2021 [IST]
It took me 4 hrs to get my passing marks which is 15
and spend rest 1 hour to get the others.
So after 5 hrs (which include some breaks and lunch) I was confirm that I would pass the exam.
After Answering all the questions the exam dashboard would somehow look like this.
***** Obviously, I have hidden the Question in the screenshot below :) *****
All 20 questions are Multiple Choice Questions
Yes, it might be that there are more than one answers to any questions
So, you might be thinking after 5 hours what I have done.
I have thought of writing a writeup about my findings and how I have completed this exam.
!!! Obviously the writeup will not be made public, as I don’t want to break any rules from eLearnSecurity !!!
So, The Writeup took me around another 2 hours to complete
And this article took around 1 hour to complete.
Exam Procedure
Here in the exam Dashboard you can see when you have started the exam.
On starting the exam you will be provided with an option Download Letter of Engagement
Click on it and it will provide you with a compressed file.
Download it and it will contain all the required information about how to start the exam.
From here You can also start and stop the lab environment.
Once you start the lab environment you have to get the .ovpn file to connect with the lab
by clicking the key icon button.
You can Resume Quiz by clicking on the button.
This is not a CTF style Exam, as it was earlier mentioned in many blogs about eJPT
I would say that they will not tell you if you have compromised a system/network
or if any system would really be pwned or not.
It is really like a penetration test, and you have to judge yourself if you have pwned the system/network or not
I would suggest to go for some tryhackme pwn, Networking, and other basic boxes (EASY ones ofcourse) if you want to practice outside the PTS course.
But yeah, there will be nothing in the exam, that was not taught in the PTS course.
Networking
I would say that we have to practice the routing process, about how the commands works.
Networking plays a huge part in almost all red team certs
and we should have a grip in this, which will be helpful for future certifications and Penetration Testing.
You can add the network as was stated in the PTS course as
ip route add <network-to-access>/24 via <network-to-access-through>
Here <network-to-access-through> is the gateway
A helpful command would be route | grep tap0 | cut -d " " -f 1
which will show you the networks that are connected with the lab environment.
Wireshark
You should have a real grip in wireshark to get it’s functions quick in this exam.
And again, networking knowledge is very important
Directory Enumeration
You can use any enumerating tool you want
I have specially used gobuster for enumeration
The commands are simple
gobuster dir -u <url> -w <wordlist-to-use> -x ext1,ext2,ext3
Here ext1,ext2,ext3 are the extensions you want to find if you need any.
dir ==> directory/files enumerationYou can get the detailed description in the gobuster -h or man gobuster
Vulnerability Scan
You can use any vulnerability scanner you want.
I have used Nessus Essentials the free license one.
Or you can also use vuln script in nmap for vulnerablity scan
nmap --script vuln --script-args=unsafe=1 -iL active_hosts.txt -oN vuln_scan.txt
where active_hosts.txt contains the ip-addresses to scan
And the scan output will be dumped to vuln_scan.txt file
SQL Injection
You can use sqlmap or jsql tools for sql-injection.
For sqlmap we can use
sqlmap -u <url-to-check>
Notations
-u ==> specify url to check
-p ==> parameter to specify [eg, id]
--data=<post-String> ==> post string to use
--technique=U ==> Use Union Attacks
--technique=B ==> Use Boolean Attacks
--tables ==> Dump tables
-D ==> Specify Name of the Database
-T ==> Table Name to dump
--dump ==> Dump the content from the DatabaseMetasploit
You can either use metasploit to exploit some systems or any other exploits if you want
Hash Cracking
You can use john or hashcat or any other tool if you want
In my case, I have used john for hash cracking.
OSINT
You will not face too much in OSINT scenario, but what would you face just analyse it perfectly.
XSS
You can check for xss with the popular <script>alert(1);</script>
Directory Bruteforcing
I have just used hydra for bruteforcing
You can use hydra in any scenerio you want
you can bruteforce FTP, SSH, http-get, http-post, etc
hydra -L <username-list> -P <password-list> <service>://IP:<port>
So, how can I forget google :)
Yeah, you are right google is your best friend, and really it would be.
Once face a problem, Just google it out.
Pivoiting
I have seen in lots of articles and blogs that, lot of authors suggest us to have a grip in pivoiting
but I really have not faced any situation like that. It might be there or it might not be.
As I have not gone through any pivoiting techniques in my whole eJPT exam.
Finishing The Exam
After Finishing your exam, they will instantly provide you your result.
I have got 1 question incorrect. They will not show us which one was incorrect
But I was sure about a question that might got incorrect :)
After Completing the exam, just go back to the dashboard and there you can verify your name at first and then Download your eJPT certificate.
Generating Public Certificate Link
Click on the My Certifications Tab in left nav-bar.
There we will be presented with a page through which we can generate our public certificate link
Mark the check-box which says visible and then you can click on view to get the public link for your certificate
From this link you can share your Certificate
Conclusion
And this is what I want you to say.
It is really a good and comfortable exam.
Don’t overthink anything
It is really easy and fun exam. The 3 Blackboxes I would say was way tough than this exam.
It is 72 hours exam, don’t fear.
It’s quite a long time to answers all the questions.
Read question again and again carefully.
I would say that I have really enjoyed my first professional exam :)
I do really hope that you have enjoyed and like this article about my experience in this exam.
If you want to contribute financially you can visit https://sys41x4.github.io/donate/
Social Media Platform Links :
Twitter : https://twitter.com/sys41x4
LinkedIn : https://www.linkedin.com/in/sys41x4/
TryHackMe : https://tryhackme.com/p/sys41x4
GitHub [Cybersecurity Based] : https://github.com/sys41x4
GitHub [Software & Certificates] : https://github.com/Arijit-Bhowmick/
Instagram : https://www.instagram.com/sys41x4/
Facebook : https://www.facebook.com/sys41x4/
