Thank you all for reading, commenting on my previous posts and contacting me on LinkedIn too. I love talking to you all, its great connecting with people who are also so passionate about pentesting!
What have I done in the last week?
I managed to get another 15/16 hours of studying completed. This included reading slides and spending time on the labs. I have completed all the labs now! Iv spent 17 hours of the 60 hours lab time I got with my package. (this includes the black box testing labs, more on those later!). The remaining labs I finished off, following on from previous weeks were:
- Bruteforce and Password cracking
- Null session
- ARP Poisoning
- Black-box Penetration Test 1
- Black-box Penetration Test 2
- Black-box Penetration Test 3
As I mentioned last week too, the trend continued! The deeper I dived in to the labs the more interesting and fun they got. You feel that eLS slowly lets go of your hand and starts to expect you to know certain things by now. Even in the solutions of each lab. At the starts they literally tell you every step of what to click and do but towards the final few labs its not like that no more. Yes they give the solutions of what to do but nowhere near as much detailed as it was at the start.
I did struggle with the Null Session lab.. not because i didnt understand it but I had trouble with kali linux! Apparently Kali linux 2019 version struggles with a tool (enum4linux). I did read the forums on the eLS community and there were solutions but for some reason they wouldn’t work on my kali.. strange! During that lab i realised that there is more than one way to get where you want to get. After i did the metasploit lab I used the techniques learned from that lab and applied it to the null session lab and I got the result I wanted! Metasploit lab was awesome!
Metasploit and the black box pentesting labs
Definitely worth mentioning these labs! These were so EPIC! Ok, so I know my long term plan is OSCP and you cant really use metasploit during the exam for OSCP.. but this is not OSCP! Why not use tools that have been created for you to use? I think metasploit is amazing, its the first time during the lab that I had hands-on experience and it was fun and fairly easy to understand. Really handy when it comes to reverse shells and pivoting 🙂
Finally lets move on to the black box pentesting labs! When I first started I did some reading on the forums regarding these labs. I didnt know what to expect and I wanted to mentally prepare myself before starting. What I quickly found out was that the eJPT exam will not be as difficult as the black box labs, which was a relief! It also mentioned by some students that some of the techniques used in the black box labs wont be part of the eJPT.
The aim was to find at least one flag without using any help and I succeeded! It was such a great feeling. Yes, it did take me a loooooong time but I did do it myself! I just wanted to make sure that I nailed the recon and footprinting and that I understood what each open port meant. Set a strong platform and then build on it! With the remaining flags I did need help and I did use the solutions, I made lots of notes too and I learned a hell of a lot too! I don’t know if its just me but i definitely learn more and in greater detail when I am hand-on instead of just reading about it.
I am actually starting to think about taking the exam soon now. Definitely in the next couple of weeks.. I am going to go over all the labs again! This time I will not use the solutions but try do it all by myself and will only use my notes. This will show me how strong my notes are and if they need improving or more detail. Hopefully the labs wont take me as long as they took me the first time round so the aim will be to complete all the labs by the end of the week!
That’s it for this week! Good luck to everyone else attempting eJPT or any other exam! Keep trying, don’t give up, take a break, avoid tunnel vision, step back and look at the whole picture.. frustration is part of the game 😉