Cracking the Code: My Top 12 Tips for Mastering the eJPTv2 Exam

My top tips & tricks for tackling the Jr Penetration Tester exam by INE

Abdul Issa
Jan 3, 2024

Greetings, fellow Cyber Mavericks!

Having recently passed the Junior Penetration Tester (eJPTv2) certification exam, I’m eager to share my top tips for effective preparation and success in your own examination journey.

This article is Part 2 of a 3-part series focused on the eJPTv2 exam.

Part 1: Preparation Phase

1. Take good notes, plenty of notes, of everything

The most critical tip during your study is consistent note-taking. Despite the course’s length, resist the urge to rush through, relying solely on memory or lab write-ups.

This practice not only proves invaluable during the exam but also serves as a crucial reference throughout your pentesting career and future ethical hacking endeavors. Personally, I opt for Notion as my primary note-taking app, but alternatives like Obsidian, OneNote, CherryTree, Joplin, etc., are also recommended by many.

Take notes while studying

The key is to choose a note-taking app and diligently record insights from each video and lab in an organized manner, facilitating easy search and reference during the exam.

2. Practice with native tools available to you in Kali Linux

The PTSv2 covers a huge library of tools penetration testers use during every phase of the security assessment. Some of them, such as Nessus, Autorecon, LinPEAS and Gobuster, are not installed on Kali by default.

While I recommend you learn those tools regardless, for the exam, you need to focus on what is available to you on a fresh Kali install.

The Attack Box has no access to the Internet and you are not allowed to install any additional tools. You need to master the standard Kali tools at your disposal. The following list is some of the tools that I have used during my eJPTv2 exam:

  • Brute-forcing: Hydra, crowbar, Nmap brute force scripts
  • Exploitation Framework: Metasploit Framework, MsfVenom
  • Hash Cracking: John The Ripper, Hashcat
  • Misc. Utilities: curl, wget, grep, find etc.
  • Network Discovery: Nmap, Nmap Scripts, fping, arp-scan, netdiscover
  • Remote Access: xfreerdp, ssh, ftp, smbclient, mysql etc.
  • Reverse Shells: Netcat, Metasploit Multi/Handler module
  • SMB Tools: SMBClient, SMBMap, CrackMapExec, Enum4Linux etc.
  • Vulnerability Research: Searchsploit, Nmap Scripts
  • Web: Dirb, Burp, WPScan, Nikto

Hackers have many tools in their arsenal

Practice performing as many of these attacks as possible, not just with their standalone tools but also with the use of Metasploit Framework. Keep in mind, your mileage may vary in terms of results, and success levels might differ between these two approaches.

3. Work on your weak areas and practice

So you finished the course and plan to go over the entire curriculum again? Stop! Focus your time and energy by prioritizing the areas that are challenging to you.

Exercise your weak areas

Pivoting and Content Management System (CMS) attacks are often cited as stumbling blocks by those who took the eJPTv2 exam.

While the PTSv2 course covers these aspects to some extent, you’ll benefit by familiarizing yourself with the most common CMS systems listed below.

Ensure you know how to enumerate, brute force, exploit, establish a foothold through a web shell, and perform privilege escalation attacks on them. Those CMS systems include:

  • Drupal
  • Jenkins
  • Webmin
  • WordPress

4. Make a cheatsheet. I repeat, make a cheatsheet!

The last thing you want is to fumble around Google or sift through numerous lab notes, trying to recall the checklist or commands to carry out Privilege Escalation attacks or figure out how you formatted an Nmap scan output for more detailed scans.

This gem of advice ranks supreme, especially following the note-taking tip. While I didn’t manage to complete my own cheatsheet entirely (hovering around 70% completion), it emerged as my go-to asset during the exam.

I leaned on it for every attack, be it on services, reverse shells, privilege escalation methods, or the basics like common wordlist locations and search commands for flags.

Trust me, this tip has been a time-saver of epic proportions!

Cheat sheets are allowed

If you don’t have a cheatsheet of your own (why??), you can supplement your notes by using many other ready-made ones for eJPT/eJPTv2 and even the OSCP exam. A quick Google search should equip you with a few you like the look of and can use on your exam day.

5. Pre-plan your resources and notes before your exam

One thing you need to avoid is spending time structuring your notes for your findings or losing time trying to recall a handy resource you used before. Some examples are:

  • Where are my course or lab notes? Did I encounter this scenario before?
  • What was that handy Reverse shell page I used for bash or PHP reverse?
  • Where is my checklist for Linux Privilege Escalation methods?

Here is what I recommend to best prepare for the exam:

  • Have your notes, cheatsheet and lab write-ups organized and ready.
  • Create a list of the most important resources you will be consulting during the exam and have them open in your browser (group them if possible). They can include sites such as Revshells, PayloadsAllTheThings, HackTricks, GTFOBins etc.
  • Create an empty template for your exam day report or findings.

Below is an example from my Notion note-taking app (obfuscated!):

Exam Day Notes Structure
Document Services and Credentials on each host
Document hosts on each network

Experiment with exam day reporting templates that work for you to make it easy for you to bounce between machines, document your findings and find them quickly when you need to. This will also prevent potential mix-ups when switching between machines.

Here is an example note naming convention which you can tweak:

<IP> — <Hostname> — <OS> — <Main Function> — <Pwned?>

Part 2: Exam Phase

6. Read the Letter of Engagement, multiple times!

This is undeniably a vital document that requires careful, repeated reading to grasp the expectations, scope of work, inclusions, exclusions, and the resources available to you.

Merely skimming or reading it once sets you up for confusion, potential rabbit holes, misunderstandings, and mistakes — a scenario you cannot afford, especially during an exam or a real engagement.

Engagement Letter

Reading and fully comprehending this document, usually called the RoE (Rules of Engagement), provides you with a preliminary blueprint of the network architecture and the environment at hand. This understanding is instrumental in planning your attack more effectively.

7. Read all the questions, multiple times!

This will help you plan your engagement in the most efficient way. Many questions may contain a hint for a previous or a later related question. Only after reading all the questions once at a high level, and then again with more laser focus and granularity, will you be able to piece together a picture of approximately how many systems the DMZ and the internal network may contain, what operating systems or applications you will be faced with, etc.

With a full two days at your disposal, resist the urge to rush this step and dive into hacking activities or answering questions prematurely.

Read and analyze all the questions

It’s essential to complete your analysis of the exam questions first to help uncover hints and establish relationships between the questions before jumping into the practical aspects.

8. Enumerate, enumerate, enumerate!

Alright, let’s talk about the underrated yet magical art of enumeration.

And yes, I’ll say it thrice because it’s that crucial and often rushed through during the exam as well as real-world engagements.

Now, in the wild world of practical penetration testing exams, and even in the thick of real-world engagements, never — and I mean never — underestimate the power of enumeration. It’s not just a step; it’s the secret sauce that unlocks the doors to vulnerabilities and possibilities.

So, my fellow cyber mavericks, when you’re in the trenches of exam rabbit holes or facing the challenges of the real deal and you hit a wall, you probably have overlooked something. Go back and: Enumerate, Enumerate, Enumerate!

9. Don’t give up when you hit a wall

There will be times when you hit a wall or feel like something eluded you. That is quite common, especially in the early stages of any practical exam or engagement. Chances are, you may feel like you haven’t made progress on the first day of your two-day adventure. Don’t fret, hang in there and try the following:

  • Review the relevant lab write-up. For example, WebDAV exploitation.
  • Review your notes or watch the relevant course video again.
  • Google it! That is what every hacker would do during a real engagement!
  • If you are still stuck, remember the previous tip and go back and enumerate some more. You have probably overlooked a step in the process or forgotten to enumerate a service thoroughly.

10. Do not treat the eJPTv2 exam as a CTF

This is a trap everyone who played Capture The Flag (CTF) competitions, TryHackMe rooms or HackTheBox boxes falls for.

These CTF challenges tend to condition candidates to rush and fetch a “flag”. In a real penetration test or a practical exam such as eJPTv2, you are expected to perform all stages of the pentesting lifecycle and find all vulnerabilities you are able to uncover. The job is not done once you find the admin credentials or the “flag” file.

The primary goal is to find as many vulnerabilities as possible for client risk assessment. Overlooking vulnerabilities could have catastrophic consequences in a professional engagement or practical exam.

11. Efficient multi-tasking while hacking away — The Ninja

Ever wish you could clone yourself during a hack? While that might be a bit tricky, here’s the next best thing:

  • Optimize Scans: Once your quick nmap scan is done, dive into exploring common services and easy targets. Simultaneously, launch a slower but more comprehensive TCP/UDP scan across all ports for thorough coverage.
  • Automate Brute Forcing: Got a username or a user list during enumeration? Let your automated brute force tools, like Hydra, do the heavy lifting while you tackle other tasks.
  • Hash Cracking Hustle: Snagged some hashes, but the standard dictionary didn’t unlock the magic password? Run John or Hashcat with beefier lists (think rockyou.txt) while you proceed with other tests.
  • Directory Enumeration Mastery: Start with small wordlists for web directory enumeration, then escalate to larger lists while you’re immersed in manual testing of previous results.

Hack, Multitask, Multiply!

12. Take regular breaks when tired or stuck

A tip often overlooked is the value of taking breaks when fatigue or challenges set in! With a generous 48-hour timeframe for this exam, you have ample time not only to complete the exam but to complete it with success.

Take breaks

Remember to step back and take breaks from time to time.

Taking breaks provides your brain the opportunity to process information subconsciously. Returning with a refreshed mind and body boosted my thinking and performance whenever I was stuck. Don’t underestimate that!

Bonus Tips

You didn’t think I’d let you go with just 12 tips, my dear Maverick, did you? :)

If you’ve hung in there this far (and resisted the temptation to cheat by scrolling straight to the good stuff), here are a few more exam tips straight from my own journey:

13. The art of establishing relationships between the questions

Once you have read the questions multiple times you will begin to notice some links between certain questions.

  • You are faced with a question about the function of a server but subsequent questions might offer hints about the running services on that very server.
  • Certain questions might drop hints about users on a server. While your enumeration may have initially captured only a few users, the hint could provide additional ones. This presents an excellent opportunity for effective brute forcing.
  • Certain questions might generously drop hints on the exploits worth your attention. When you’re faced with 4 multiple-choice answers, opting for an endless search for an entry point becomes imprudent. Instead, consider exploring the exploits hinted at by the question pertaining to that specific machine.

What’s the most efficient way to leverage this? Here’s my method:

  1. Compile all questions into a single text file for convenient searching.
  2. Group questions associated with a specific server together using a search function.
  3. Copy those grouped questions to the top of your exam notes for that particular server.
  4. While actively testing and compromising a server, ensure you address and find answers to all related questions from the captured and grouped list (e.g. if on Server-01, do not move on until you answer all questions related to Server-01).
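
The grouping method above as a small shell script. This is an added example, not the author's recon.sh or any other script from his repository; the function names are hypothetical and the questions, hostnames and IP addresses are constructed sample data.

```sh
#!/bin/sh
# Added example: per-host exam notes with the related questions on top.
# Function names are hypothetical; questions, hosts and IPs are constructed.

# Note title: <IP> - <Hostname> - <OS> - <Main Function> - <Pwned?>
# (ASCII hyphens as separators so titles stay easy to type and search)
note_title() {
    printf '%s - %s - %s - %s - %s\n' "$1" "$2" "$3" "$4" "$5"
}

# Steps 1-2: print every question mentioning any keyword (IP, hostname).
# -F matches literally (dots in IPs are not wildcards), -w matches whole
# words so 10.0.0.1 does not also pick up 10.0.0.10, -i ignores case.
group_questions() {
    gq_file=$1; shift
    gq_patterns=$(printf '%s\n' "$@")      # one literal pattern per line
    grep -i -w -F -e "$gq_patterns" -- "$gq_file" || true
}

# Questions that mention none of the known hosts, so nothing gets lost.
ungrouped_questions() {
    uq_file=$1; shift
    uq_patterns=$(printf '%s\n' "$@")
    grep -i -w -F -v -e "$uq_patterns" -- "$uq_file" || true
}

# Steps 3-4: note skeleton with the grouped questions as a checklist on top.
make_host_note() {
    hn_questions=$1 hn_ip=$2 hn_host=$3 hn_os=$4 hn_role=$5
    note_title "$hn_ip" "$hn_host" "$hn_os" "$hn_role" "No"
    printf '\nQuestions to answer before moving on:\n'
    group_questions "$hn_questions" "$hn_ip" "$hn_host" | sed 's/^/  [ ] /'
    printf '\nServices and credentials:\n\nFindings:\n'
}

# Constructed sample: all exam questions compiled into one text file.
SAMPLE_QUESTIONS=$(mktemp)
trap 'rm -f "$SAMPLE_QUESTIONS"' EXIT
cat > "$SAMPLE_QUESTIONS" <<'EOF'
Q1. What is the main function of server-01?
Q2. Which CMS is running on 10.0.0.20?
Q3. How many users exist on SERVER-01?
Q4. What is the hostname of the mail server?
EOF

make_host_note "$SAMPLE_QUESTIONS" 10.0.0.10 server-01 Linux "Web server"
printf '\nNot yet assigned to a host:\n'
ungrouped_questions "$SAMPLE_QUESTIONS" 10.0.0.10 server-01 10.0.0.20
```

Redirect the output of `make_host_note` into one file per host, and re-run `ungrouped_questions` as new hosts are discovered until its list is empty.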

It’s all about multi-tasking and working smarter, not harder!

14. Automation Magic — Automagic!

Part of my exam preparation was to automate some of the lengthy or repetitive tasks. I created several bash scripts in advance, which I then copied over to my INE Attack box.

This allowed me to multitask — reading the exam questions while simultaneously running my initial network-wide discovery and port scans in the background — making efficient use of my time.

I have included one of my example recon.sh scripts from my GitHub repository. Please feel free to use or adapt it to your needs and follow my GitHub repository for more scripts in the near future. Should this script prove useful to you, let me know in the comments below!

Automate repetitive tasks

15. A Puppet Master has all resources ready at the fingertips

Before you start the exam, have all your resources ready and open in multiple tabs in your browser to save time looking for them. Below is a sample of the resources I had at the ready:

  • INE’s lab write-ups on the course website.
  • My own lesson and lab notes.
  • My local instances of Kali (e.g. to run hash cracking faster).
  • Google and exploit-db.com on my local machine for research.
  • For additional resources, see the tip below.

16. Your Swiss Army Knife of Resources

In addition to the resources in my previous tip, I had a set of supplementary tools readily available, proving beneficial at different stages of the exam.

Go to battle with your Swiss-Army Knife ready!

Here are some of the useful websites I had open:

I have compiled a more comprehensive list of resources I used during my preparation for the exam. If you haven’t already, please check out my article: Arming for Success: Resources for Mastering the eJPTv2 Exam

Secret Tip Unlocked!

Wow, you’ve stuck with me right until the end. Your tenacity is truly appreciated!

The ultimate key to acing your exam? Embrace the fun!

Trust me, your mindset and attitude are the real game-changers. Your primary goal is to dive into the world of ethical hacking, a journey with its share of challenges, shaping you into a proficient penetration tester.

Sure, you can just focus on passing the exam and move forward, but that’s not the right mindset. Whether you succeed or encounter a stumble, every step teaches you something invaluable. Treasure that knowledge, practice it, and let it become the foundation you draw upon in future ethical hacking endeavors and real-world engagements.

Hack and party on!

My own practical exam was a blast, and that’s the magic ingredient.

It transformed what could be a pressure-packed, stressful test into an opportunity. I got to apply months of acquired knowledge, legally hack into a couple of networks, and showcase my mastery of the foundational material. Remember, it’s not just an exam; it’s a chance to enjoy the journey and truly learn.

What was my exam day like? Almost the same as my favorite fun CTF:

  • Spotify on — my favorite “hacking” tracks playing in the background.
  • Hot/cold beverages and lots of snacks were readily available.
  • Regular breaks to take my mind off the exam whenever I reached a milestone.

Don’t forget to have fun and go in with a positive attitude. It makes a huge difference!

Conclusion

In closing, mastering the eJPTv2 is more than passing an exam; it’s an invigorating journey into the realm of ethical hacking. I hope that these tips serve as a guide to meticulous preparation and strategic thinking, offering not just help with your eJPTv2 journey but any future certification exam endeavors.

As you navigate this exciting odyssey, embrace the challenges as opportunities to learn, savor the process and have fun along the way!

Thank you for exploring the world of cybersecurity and ethical hacking with me. Whether you’re a seasoned maverick or a curious newcomer, best of luck on your eJPTv2 exam. :)

Remember, it’s not just a test; it’s a chance to refine your skills, expand your knowledge, and above all, have fun.

Join the Journey

Thank you for your support and for visiting my blog.

Please follow me for more future content around CTFs, Ethical Hacking, Certifications and much more.

I would appreciate any comments, feedback or queries you may have.

Happy Hacking!

CyberSecMaverick

Abdul Issa

Penetration Tester, Linux Evangelist, Security Geek, Blogs about Ethical Hacking, CTF, Cybersecurity Career & Certifications. www.linkedin.com/in/abdul-issa