Y1m4r

Y1m4r

Pentester, Soc Analyst, CTF player

Conquering the eJPTv2, My Journey and Tips

This Python script is designed to brute-force passwords of length 1 to 7, using lowercase letters and numbers. It is intended for educational and ethical purposes only. The program demonstrates how brute-forcing works and can be modified to suit specific needs, such as cracking longer passwords or including uppercase letters and special characters.

Introduction

Hey everyone! Ever thought about diving into the world of Ethical Hacking and Penetration Testing? Or maybe you’re curious about tools like Metasploit and how to defend against attackers? If so, the eLearnSecurity Junior Penetration Tester (eJPT) certification might just be your perfect starting point.

Designed for those with minimal experience, the eJPT isn’t just another certification—it’s a full-blown training ground. With 148 hours of content, it covers everything from Assessment Methodologies to Post-Exploitation Testing and Web Application Penetration. It’s packed with real-world scenarios and dozens of hands-on labs, making it a great way to build the skills you need to shine in a penetration testing team.

What’s cool is that the eJPT aligns with industry standards like NIST, helping you develop competencies in roles like Vulnerability Assessment Analyst and Exploitation Analyst. So, if you’re looking to break into cybersecurity, this certification is both relevant and practical.

A Little About Me:

Hi, I’m Yimar! I’m a cybersecurity professional from Colombia with a background in software engineering. After graduating, I landed a 6-month internship as a Security Analyst and was lucky enough to stay on for an additional year. Right now, I’m on the job hunt, but I wanted to get at least one certification under my belt to check off that HR box.

I looked into a bunch of options like CEH, Security+, and OSCP, but I ultimately chose the eJPT. Why? Well, I’ve always been drawn to the offensive side of cybersecurity, and a professor from my university’s hacking club (who was also a student at the time) inspired me to go for it. Plus, after some research, I found out it’s internationally recognized and, best of all, it’s a practical exam—you actually have to hack machines to answer the questions!

Why eJPT?

The eJPT is super affordable at just $249 USD, which includes the certification, two exam retakes, and three months of structured training. I got lucky and snagged a promotion, paying only $150 USD. The exam itself is a practical, beginner-friendly challenge—think of it as an OSCP for beginners. You get three days to answer 35 questions by hacking into machines.

The training starts with the basics and slowly builds up your confidence in network pentesting. They teach you how to use tools like Nmap, Metasploit, and Hydra effectively. The course is an impressive 148 hours and 53 minutes, broken down into four sections: 12 courses, 229 videos, 153 quizzes, and 121 labs.

If you’re just starting in cybersecurity or want to level up your pentesting skills, the eJPT is definitely worth checking out!

What You’ll Need

This is an entry-level certification, so you don’t need to be a tech wizard to get started. A solid understanding of computers, operating systems, and networking basics should be enough to set you on the right path. The eJPT isn’t just about validating your skills it’s about unlocking your potential and opening doors to exciting opportunities in the competitive world of cybersecurity.

What’s the Exam Like?

The eJPT exam is broken down into four main sections, each focusing on a different aspect of penetration testing. Here’s the lowdown:

  • Assessment Methodologies: Information gathering, Footprinting and scanning, Enumeration, Vulnerability assessment
  • Host and Network Auditing: Enumerating system information on the target, Transferring files to and from the target
  • Host and Network Penetration Testing: System/host-based attacks, Network-based attacks, The Metasploit framework, Exploitation, Post-exploitation, Social engineering
  • Web Application Penetration Testing: Introduction to the web and HTTP protocol

How I Prepared for the Exam?

It took me about 2 months to get through the course material, dedicating around 14 hours per week. In total, the course is 156 hours long, but I managed to finish the video content and labs in about 100 hours. I studied roughly 3 hours a day from Monday to Friday, and I’ll admit I watched most of the videos at 2x speed. Hey, time is precious, right?

The Course Content: The videos are well-made, but here’s the thing—there’s a bit of repetition. That said, this repetition can actually be a blessing for complete beginners, helping to hammer home essential concepts. So, I’ll cut them some slack on that front. The course leans heavily on the Metasploit framework, which is great for beginners diving into penetration testing for the first time. Personally, I think following the INE training path is the best way to go it prepares you perfectly for the exam.

On top of the course, I had some experience with CTFs and HackTheBox machines, plus I went through a few online labs. By the time I was done, I felt more than ready for the exam.

What You Should Be Familiar Withl; Here’s a quick rundown of the skills and tools you’ll want to have under your belt:

  • Kali Linux basics (navigating BASH, modifying files, setting permissions, etc.)
  • Nmap (scanning individual targets and subnets for host discovery)
  • Metasploit (searching for modules, running exploits, handling reverse shells, etc.)
  • Nwtcat (at least some familiarity)
  • Password cracking with tools like John the Ripper or Hashcat
  • Online brute-force attacks with Hydra
  • Common network services (FTP, Telnet, etc.) from CTFs
  • Basic vulnerability scanning and familiarity with common vulnerabilities
  • Linux privilege escalation basics
  • Web application scanning with tools like dirb, DirBuster, Gobuster, and nikto
  • Interception proxies like Burp Suite (at least a passing familiarity)

The Exam Experience

Let’s start with the good stuff:

48-hour time limit: Honestly, this was way more than I needed, but for folks with busy schedules or those new to pentesting, it’s a lifesaver. It gives you plenty of time to take breaks, relax, and even sleep before jumping back in. Broad but shallow content: The exam covers a wide range of exploitation techniques at a basic level, with a strong emphasis on enumeration. And let’s be real—enumeration is the backbone of any pentest, so this makes perfect sense. Browser-based lab: The exam provides a Kali Linux environment right in your browser, complete with all the tools, scripts, and wordlists you’ll need. No need to set up your own VMs—just log in and start hacking. It’s super convenient and works on any device with a solid internet connection.

The course is thorough and detailed, covering everything you need to pass with flying colors. If you’re new to pentesting or haven’t done many CTFs, I highly recommend going through all the lessons and labs.

A Quick Note on Timing You might hear people say they passed the eJPT in just 6 or 12 hours. That’s usually because they’ve got tons of experience or have been grinding CTFs for a while. If you’re a newbie, don’t rush it—take your time. I finished my eJPT exam in 41 hours 😂. I slept well, took plenty of short breaks, and honestly, stepping away from my laptop helped me think more clearly when I got stuck.

So, if you’re prepping for the eJPT, remember: it’s not a race. Take your time, practice, and you’ll crush it! 🚀

Exam Day

I started my exam at 9 PM on a Sunday, knowing I had all of Monday and Tuesday free to work on it. The first thing I did was fire up Nmap and scan all the live IPs to gather information and enumerate the hosts on the target network. I took detailed notes about the network environment to keep everything organized.

Next, I skimmed through all the questions and made notes about the machines and targets mentioned. This way, I wouldn’t waste time exploiting machines that weren’t relevant to the exam. By 11 PM, I had already answered 16 questions thanks to the results from Nmap. The better you are at enumeration, the faster you’ll find answers during the exam. I called it a night at 11:30 PM and got some rest.

The next morning, I woke up around 8 AM after a solid 8 hours of sleep and jumped back into the exam. It was time to start exploiting! I explored the services running on the machines and exploited vulnerabilities like RCE (Remote Code Execution), command injection, and brute-forcing. I took about 3 breaks throughout the day, which helped me think more clearly and understand the network better. By 11 PM on the second day, I only had 7 questions left unanswered.

On the final day, I woke up and tackled the remaining questions. I managed to grab two flags I had been close to the day before, but the last 5 questions were a headache. It was time to pivot. After trying a few different approaches, I thought I had the answers, but it turns out I missed a few—I ended up scoring 80%. That section was definitely the toughest for me.

Pro Tip: Don’t get discouraged if you don’t make much progress in the first hours. Take breaks, nap, or go for a walk. The second day is usually better because you’ll have all the scanning info ready, and you can dive into the exploitation phase. That’s when you’ll start answering more questions.

Tips for Success

  • Take Notes During Training: Keep detailed notes while going through the course material. Trust me, they’ll save you during the exam.
  • Use the Questions to Your Advantage: If you’re stuck on a question, use the wording to guide you. For example, I had two questions related to the same machine. By gathering info from other machines in the network, I was able to eliminate some answer choices and increase my chances of scoring points.
  • Questions Aren’t in Order: The questions aren’t sequential, so you might find the answer to question 28 from an Nmap scan, while question 2 might require you to get a shell and escalate privileges. While Nmap is running, quickly review all 35 questions so you know what to look for in the scan results.
  • Focus on the Right Services: You don’t need to exploit every service on a machine. Read the questions carefully—they’ll tell you which service to target. Start with common ports like 21 (FTP), 22 (SSH), 445 (SMB), and 3306 (MySQL). Remember, this is a junior-level exam, so keep it simple.

I recommend this videos:

  • eJPT Preparation Course Penetration Testing: https://www.youtube.com/watch?v=pdgBU9MDAwE
  • 🧪Laboratorio de preparación eJPTv2 Simulación de examen: https://www.youtube.com/watch?v=v20IsEd5nUU&t=14928s
  • Also recommend this cheatsheet: https://aluvi.notion.site/eJPTv2-Complete-Cheat-sheet-d5b052c525d94c89b5d41183bd5c39fd

Conclusion

Taking the eJPT v2 was a solid experience. It gave me a clear picture of what ethical hacking and penetration testing are really like. The content, real-world labs, and exam environment all come together to give you a genuine feel for the job. When I compare it to other certifications, the eJPT v2 holds its own—especially considering its price and how well it aligns with industry standards like NIST. If you’re thinking about getting into penetration testing or just want to learn more about cybersecurity, this certification is a great bet.

To wrap it up, I want to say good luck to everyone preparing for this exam! Don’t stress too much. If you can snag the eJPT course and certification at the discounted rate of $150, I think it’s totally worth the investment. That said, here’s the catch: it’s not for those looking to dive straight into the deep end. You need a solid foundational level before committing your money to security training, and that’s where hands-on learning becomes crucial.

In fact, I highly recommend beginners explore free resources like HackTheBox or TryHackMe. These platforms offer quick, hands-on learning and serve as an ideal starting point for building a strong foundation. Once you’ve built up your confidence and skills, then consider paying for the eJPT.

So there you have it, folks. If you’re eager to dive into the world of cybersecurity and want a beginner-friendly way to kick off your journey, the eJPT certification might just be your golden ticket. Dive in, stay curious, and happy hacking! Oh, and one last thing take good notes and remember: enumeration is key!

Good luck, and happy hacking! 🚀

Categories:

Updated: