How To Pass Your eJPT Exam
Last updated
Was this helpful?
Last updated
Was this helpful?
Hello hackers, Hope you are well !! 👋
Recently i have completed the , I’ve had a few people asked me about my experience, So i decided to write this post detailing the commands and techniques I used to pass. The hope is that this resource can be helpful to other student studying for this certification.
The is a 100% practical certification on penetration testing and information security essentials. Bypassing the exam, a cybersecurity professional proves to employers they are ready for a rewarding new career.
Cost: 200$ (exam voucher)
Duration of exam: 72 Hours (3 days)
Questions: 20 questions
payment options: Paypal/credit card
Material: (Lab, video, PDF)
Nothing, INE material is enough even non-technical people can understand easily, But i really recommend that you have:
basic understanding of networking concepts
Simple manual web application security assessment and exploitation
Understanding of information gathering techniques
Understanding of the penetration testing process
By obtaining the eJPT, your skills in the following areas will be assessed and certified:
TCP/IP
IP routing
LAN protocols and devices
HTTP and web technologies
Essential penetration testing processes and methodologies
Basic vulnerability assessment of networks
Basic vulnerability assessment of web applications
Exploitation with Metasploit
Simple web application manual exploitation
Basic information gathering and reconnaissance
Simple scanning and profiling the target
INE offer a free starter pass subscription that include many learning path and one of them is Penetration Testing Student (eJPT)
register you account
clam your PTS free course and start learning
eLearnSecurity divided the PTS course into three sections and modules, as can be seen below.
1- Preliminary Skills – Prerequisites
Introduction
Networking
Web Applications
Penetration Testing
2- Preliminary Skills – Programming
Introduction
C++
Python
Command Line Scripting
3- Penetration Testing
Information Gathering
Footprinting & Scanning
Vulnerability Assessment
Web Attacks
System Attacks
Network Attacks
Next Steps
⭐ The eJPT exam doesn’t require you to go through the programming section to pass the exam so you can skip this part for now if you`re planning to get more deeper in programming after this course.
eLearnSecurity packed the course with good information, but it’s showing its age. Don’t let that deter you from taking it because I really think they did a great job with the hands-on part of the course.
That brings me to the labs included with each module. Those labs are the meat and potatoes of the course. If you are a novice in the offensive security field, you will definitely learn a lot from it.
You will be given 20 multiple-choice questions (MCQs), and you must properly answer 15 of them in order to pass the test. additionally, every question is based on practical. You can check the materials during the exam because this exam is open-book.
OpenVPN, Nmap, Nessus, fping, dirt buster, burp suite, john the ripper, hashcat, Metasploit, hydra, Nmap, Wireshark, sublist3r, Netcat, dirb, enum4linux, samrdump, smbclient
complete course material with labs
understand the concept of Pivoting( very important)
in the exam go through the pentesting phase and connect all dots.
Take notes for reference, Make new tabs in the terminal to do other tasks
do not take stress it is a very easy exam. consider you are solving CTF.
after taking eJPT certification one thing I can say it is one of the best exams I ever attended. and highly recommend it to every beginner who wants to start their journey in cybersecurity.
hosts discovery fping:
hosts discovery nmap:
open ports scan (save to file):
UDP port scan:
nmap vuln scan example:
nmap SYN flood example:
masscan open only examples:
httprint banner grabling:
add a route in kali/parrot:
routing table:
discovery subdomain of a target by sublist3r:
filter by ip
filter by dest ip
filter by source ip
filter by tcp port
filter by ip addr and port
filter SYN flag
broadcast filter
directory discovery:
file discovery:
output of responses with status code:
the -maxtime flag offers to end the ongoing fuzzing after the specified time in seconds:
number of threads:
determine the databases:
determine the tables:
dump a table's data:
try to get os-shell:
check example:
hijack cookie through xss
there are four components as follows:
attacker client pc
attacker logging server
vulnerable server
victim client pc
attacker: first finds a vulnerable server and its breach point.
attacker: enter the following snippet in order to hijack the cookie kepts by victim client pc (p.s.: the ip address, 192.168.99.102, belongs to attacker logging server in this example):
attacker: log into attacker logging server (P.S.: it is 192.168.99.102 in this example), and execute the following command:
attacker: when victim client pc browses the vulnerable server, check the output of the command above.
attacker: after obtaining the victim's cookie, utilize a firefox's add-on called Cookie Quick Manager to change to the victim's cookie in an effort to hijack the victim's privilege.
wordlist generation
hydra http basic auth brute
hydra brute http digest
hydra brute http post form
hydra brute http authenticated post form
hydra brute
combine passwd with shadow file for john the ripper:
john the ripper bruteforce:
hashcat:
scan:
examples:
search exploit
basic
msssql enum
mssql payload
ssh login enum (brute)
eternal blue example:
enumeration with kali/parrot tools:
enumeration with nmap:
null sessions
Use "enum4linux -n" to make sure if "<20>" exists:
If "<20>" exists, it means Null Session could be exploited. Utilize the following command to get more details:
If confirmed that Null Session exists, you can remotely list all share of the target:
You also can connect the remote server by applying the following command:
Download those files stored on the share drive:
bash
php one line (bash)
python
Thanks For Reading
visit INE page
