eJPT Walkthrough
eLearnSecurity Junior Penetration Tester (eJPT) Walktrhough
Skillset
Even we are talking about a beginner entry-level certification in penetration testing, the exploitation phases I went through were considerably easy. No need to code exploits or even to modify existing ones. Everything can be done through metasploit or using legitimate tools after getting some credentials.
I think one of the most important skills required is a good understanding on the Linux Command Line. I consider that the fact I’ve been using Linux for few years has helped me a lot in passing it, many points were thanks to it.
Time
48 hours is a lot of time for exploiting every single machine, but is great having that much and don’t hurry up. I took me 18 hours counting the time I spent having lunch, pauses and even a long hours nap.
Preparation
The Junior Pentester course offered by INE is good but maybe too long. It takes
160 hours but I think is quite repetitive. It covers the pentester methodology
from the beginning to the end, and some of the phases are not required for
passing successfully the eJPT. Moreover, I didn’t do any web attack or even
use BurpSuite. On the other hand is good I went through the course because is a
great introduction to a pentester career.
Walkthrough
When I started, after a quick recon of the network and the identification of the active machines, I thought it would be extremely complicated. Sometimes I was blocked in bottlenecks, spending even hours without getting anything, but that’s part of the process. A quick break would give me a solution.
One machine has access to an internal network, from the DMZ Network we got direct access. To exploit that was pretty easy since there wasn’t many machines on the internal network and was easy to identify the vulnerable one, whith its services running.
But, as I said before, many questions could be answered just with command line skills, whithout the use of hacking tools.
I ended up answering everything with only one wrong question, which gave me a result of 34/35.
Conclusions
In this post I just wanted to give my opinion about eJPT. It was fun to go
through it, the lab is cleverly designed which I appreciate, and I would
recommend it to everyone who likes solving problems and has skills in systems
and networks. Also, the price is very convincing.
