My eJPT Journey

*note: This blog is meant for total beginners, if you feel you are confident, skip this blog and just go for the exam :)

So, I am about to start OSCP and was looking back at eJPT prep to make a proper schedule. So, I thought I should give back to the community at the same time.

I will divide this blog into three parts, Background, Preparation and Examination.

There will be nothing here that gives away the exam so, if you are looking for stuff like that, just close this tab.

Background

So I completed eJPT in August 2021 with 18/20 points. I was/am 18 years old. I had computer science as a subject in high school so I had experience with programming, but I don't think it had much effect on eJPT. I did TCM-SEC’s Practical Ethical Hacking before even starting the PTS for eJPT. PTS was basically a breeze after PEH. I was doing HackTheBox and TryHackMe since June and was pretty comfortable with working on command line.

Preparation

The things covered by TCM-SEC’s PEH and PTS are pretty much the same, PEH focusing a little more on active directory. So when I was preparing, INE had PTS open for free for everyone on their website so I started the course as soon I found out. I did not cover all slides and videos since it was repetitive to PEH. I covered all the labs and made really comprehensive notes of anything that was not covered in PEH. The BlackBox Pentesting 1,2 and 3 mimic the exam really well. I did those labs in a period of a two days.

My Advice

The labs in PTS are very very relevant. Forget everything and do PTS first. If you are really confident, do the Black boxes at least. If you are really paranoid, like I was ,regarding pivoting etc. Look through TryHackMe’s WREATH’s write-up. Keep making exhaustive notes, preferably in a hierarchical note-keeper like cherrytree for proper organization. Do not skip any topic, especially the XSS and SQL portion, mentioned in PTS. If you cover PTS properly, there is no way you would be stuck in the exam.

Examination

The test is in MCQ format. It has 20 questions which can only be answered correctly if you break into all the machines. I started at 12:00PM and the first 30 mins went into initial reconnaissance. I put the network on nessus and took some deep breaths. I was prepared to do the whole three days of the exam which I thought I would need to do. Spoiler Alert, I finished in 6.30 hours of lab time.

So, I identified the machines on my network and started enumeration on them. Since I was thinking about how difficult this was gonna be, I ended up missing the simplest and most basic foothold on two machines. 3 hours into the exam, I had successfully completed the machines on my initial network, I found the other networks and pwned one network in the next 30 minutes. So, 5 hours in and only one machine left to do. I was hyped since the questions I answered would put my points above 15 so basically I passed. But that one machine was untouched by me. I spent the next 1.5 hours trying to get XSS to work, I was able to do *some* stuff but not completely so, I just marked a random option for that question.

After going over the questions, I clicked on submit and boom, I received a mail with my certificate and yay.

My Advice

You will get Rules Of Engagement and some more material. Go through that thoroughly. That stuff can actually give you additional hints for the exam.

Eat, drink water, take a walk , sleep during the exam if required. I was really anxious so I actually skipped lunch, but Looking back, I feel that three days is a long, long time for that particular exam. Get a good nights sleep before the exam and maintain a pen-testing report as you go through the exam, since you might need to look back. Keep screenshots and discovered credentials handy. Nessus is leet, its basically your path to root for some machines. Dont worry about privilege escalation, there is none. Hopefully, you wont need to, but If you do, fasttrack.txt and rockyou.txt are the only word-lists you might need apart from the stuff they provide.

Some Typical Stuff that might help

1. Traceroute → Find proper nodes with this tool. Practice and you will get the hang of it
2. Metasploit → Run it on everything. Ideally, you can pass the exam without metasploit but it’s really convenient.
3. Nessus → This is the path to root for some machines.
4. Nmap → -sC -sV will give you some really good stuff believe me.
5. Don’t run a lot of scans at once, it will cause issues sometimes.
6. Three days are a lot, chill.
7. Put on some lo-fi and drink a lot of water.
8. Don’t give up before the end of the exam. If you are not able to pwn the machines, you can literally learn to do that from scratch in those three days if you search for the right stuff.
9. Learn how to google stuff properly and google every service and version.
10. Enumeration is key, like literally sometimes XD.
11. eJPT is easy. Take it from me and just go for it.

Lastly, I would like to thank all the people who helped me out when I was preparing and getting paranoid. HackTheBox and TryHackMe’s discord servers are full of people who will help you out a lot. All you have to do is believe in yourself and don’t depend on anyone else. Follow the proper pen testing methodology and you will not have to worry about anything.

I hope this helped and I wish you the best in your journey.