Navigating the eJPTv2 Exam and Building Expertise in Ethical Hacking

PENETRATION TESTING, CYBERSECURITY, ETHICAL HACKING

Aditya Raj Singh

12/15/2023 · 5 min read

We are delighted to showcase the exceptional accomplishment of one of our esteemed Prime members, who has not only successfully conquered the eJPTv2 exam but has also shared an insightful write-up encapsulating the entire experience. This meticulously crafted document not only details the challenges faced during the examination but also serves as a curated guide to valuable resources that played a pivotal role in shaping this triumphant journey.

Hey folks,

In this comprehensive write-up, I'm thrilled to share not only my experience tackling the eJPTv2 exam but also a curated list of invaluable resources that played a pivotal role in shaping my journey of preparation.

My expedition began when I stumbled upon a discounted price of $150 for the eJPT voucher and course subscription, originally priced at $250. Recognizing the opportunity, I seized it without hesitation.

Before delving into the course, it's worth noting that I already had a foundation in understanding OWASP Top 10 vulnerabilities and the basic usage of tools like msfconsole, msfvenom, Networking, Burp Suite, and NMAP basic scan. This serves as a reference point to showcase my starting knowledge and the enhancements made during and after the course.

The Penetration Testing Student (PTS) course, spanning 45 days, meticulously covered all phases of hacking. The initial sections focused on Information Gathering, Enumeration, Vulnerability Assessment, and Auditing Fundamentals. The standout segment was the third section, 'Host & Network Penetration testing,' comprising five sub-courses: 'System & Host Based Attacks,' 'Network Based Attacks,' 'Metasploit Framework,' 'Exploitation,' 'Post-Exploitation,' & 'Social Engineering.' The hands-on approach, especially in the 'Exploitation' segment with Black Box Labs, was instrumental in honing practical skills.

The course concluded with 'Web Application Pentesting,' addressing well-known tools and software used in web pentesting. Post-course completion, I practiced on FREE TryHackMe LABS to reinforce my understanding of vulnerabilities, with a particular focus on enumeration labs to identify known vulnerabilities on the target.

Exam Experience:

When it comes to my exam, I found myself initially in a DMZ Network (De-militarized Zone). From this point, I had to launch attacks to gain access to vulnerable machines, checking if any of them were connected to the internal network for further exploitation. In my dynamic exam, there were a total of 6 servers on the DMZ network. My approach to accessing the machines was systematic, starting from lower ports to higher ones.

Upon an aggressive NMAP scan, an open port 80 led to a WordPress website. Utilizing 'wpscan,' I gained access to the admin panel of the first server, a relatively straightforward task involving clever code replacement. Utilizing "revshells.com," I generated a payload for seamless connection to my machine, requiring no privilege escalation. After local enumeration, I answered all questions for the first machine.

The second server, identified through another NMAP scan, had a common misconfiguration and vulnerability. No privilege escalation was necessary, and I confidently answered all relevant questions.

The third machine presented a challenge, requiring enumeration of inherent vulnerabilities in running services. Exploiting the vulnerability was straightforward, but privilege escalation to root on the Linux machine demanded focused attention. Extensive enumeration, especially in the database, revealed sensitive information. Accessing the database, I answered all questions for the third machine.

Fourth Server Challenge:

The fourth server posed a challenge with no apparent misconfigurations or vulnerable software. After exhaustive searching, I resorted to brute-forcing services like SSH and SMB. This led to the discovery of credentials for 2-3 users, granting access to the server. Confirming it was part of an internal network, I answered all questions for the fourth machine and pivoted into the internal network.

Here, while attempting to use proxychains for a simple NMAP scan, I encountered errors. Then, I used the tcp portscan msfmodule, allowing me to verify the open ports. Recognizing the potential, I performed port forwarding on the ports that seemed interesting. A subsequent NMAP scan, this time via port forwarding, provided the insights needed. After scanning hosts, I selected the target with the most open ports and searched for vulnerable services. Exploiting a vulnerable service, I completed all questions, leaving two servers in the DMZ, the fifth and sixth.

Despite extensive searching and brute-forcing, these remaining servers seemed impervious. After 40 minutes of unsuccessful brute-forcing, I decided to submit the exam while cross-checking answers. That sums up my challenging yet rewarding exam experience, and with an increasing heartbeat, I was eagerly awaiting the result to pop up. Suddenly, it appeared with a congratulatory message. I was overjoyed as it marked the achievement of my very first professional certificate. 🎉

Learning Resources

Networking:

- Basic: [TryHackMe - Intro to Networking](https://tryhackme.com/room/introtonetworking)

- Fundamentals: [TryHackMe - What is Networking](https://tryhackme.com/room/whatisnetworking)

- LAN & Protocols: [TryHackMe - Intro to LAN](https://tryhackme.com/room/introtolan)

- Subnet & Routing: [TryHackMe - BP Networking](https://tryhackme.com/room/bpnetworking)

- Recon: [TryHackMe - Active Recon](https://tryhackme.com/room/activerecon)

- Logs & Blue teaming: [TryHackMe - Juicy Details](https://tryhackme.com/room/juicydetails)

Enumeration:

- Nmap: [TryHackMe - Further Nmap](https://tryhackme.com/room/furthernmap)

- Basic Enum: [TryHackMe - Easy CTF](https://tryhackme.com/room/easyctf)

- Wireshark & gobuster: [TryHackMe - Startup](https://tryhackme.com/room/startup)

- Directory busting: [TryHackMe - Pickle Rick](https://tryhackme.com/room/picklerick)

- Linux: [TryHackMe - Anonymous](https://tryhackme.com/room/anonymous)

Password/Hash Cracking:

- Hydra: [TryHackMe - Hydra](https://tryhackme.com/room/hydra)

- Hashcat & john: [TryHackMe - Crack The Hash](https://tryhackme.com/room/crackthehash)

- Hash Cracking: [TryHackMe - Crack The Hash Level 2](https://tryhackme.com/room/crackthehashlevel2)

- Basic: [TryHackMe - Overpass](https://tryhackme.com/room/overpass)

Web:

- SQLI: [TryHackMe - SQLILab](https://tryhackme.com/room/sqlilab)

- Sqlmap: [TryHackMe - Revenge](https://tryhackme.com/room/revenge)

- XSS: [TryHackMe - Marketplace](https://tryhackme.com/room/marketplace)

Exploitation:

- Metasploit: [TryHackMe - RP Metasploit](https://tryhackme.com/room/rpmetasploit)

- Windows exploitation: [TryHackMe - Ice](https://tryhackme.com/room/ice)

- SMB: [TryHackMe - Blue](https://tryhackme.com/room/blue)

- SMB: [TryHackMe - Kenobi](https://tryhackme.com/room/kenobi)

- Post exploitation: [TryHackMe - Post Exploit](https://tryhackme.com/room/postexploit)

- Pivoting: [TryHackMe - Wreath](https://tryhackme.com/room/wreath)

Privilege Escalation:

- Windows Privesc: [TryHackMe - Windows10Privesc](https://tryhackme.com/room/windows10privesc)

- Linux Privesc: [TryHackMe - LinuxPrivesc](https://tryhackme.com/room/linuxprivesc) & [TryHackMe - LinPrivesc](https://tryhackme.com/room/linprivesc)

- GTFO Bins: [GTFO Bins](https://gtfobins.github.io/)

All-in-One (Enum, Exploitation, Privesc, Web):

- Basic Pentesting: [TryHackMe - BasicPentestingJT](https://tryhackme.com/room/basicpentestingjt)

- Vulnversity: [TryHackMe - Vulnversity](https://tryhackme.com/room/vulnversity)

- Ignite: [TryHackMe - Ignite](https://tryhackme.com/room/ignite)

- Wordpress: [TryHackMe - Blog](https://tryhackme.com/room/blog)

- Chill Hack: [TryHackMe - ChillHack](https://tryhackme.com/room/chillhack)

- IDE: [TryHackMe - IDE](https://tryhackme.com/room/ide)

- Valley: [TryHackMe - ValleyPE](https://tryhackme.com/room/valleype)

- Probe: [TryHackMe - Probe](https://tryhackme.com/room/probe)

Vulnerable Machines (Optional):

- Root-Me: [TryHackMe - DC-1](https://tryhackme.com/room/dc1), [TryHackMe - DC-4](https://tryhackme.com/room/dc4), [TryHackMe - DC-6](https://tryhackme.com/room/dc6)

- NullByte: [NullByte](https://tryhackme.com/room/nullbyte)