2023 eJPTv2 — My Experience and Here’s How You Can Crack it on Your First Attempt!!!

Abel V
4 min read · Oct 27, 2023

Hello everyone, I recently passed the eJPTv2 certification exam offered by INE Security. If you are preparing for the exam, I hope this writeup will help you understand the exam format, the types of questions, and also some strategies for success.

A short introduction about the Certification and the Exam Format

The eLearnSecurity Junior Penetration Tester v2 is an entry-level pentesting exam that is entirely practical. It is a 100% online exam where you are provided with an in-browser Kali machine without an internet connection. Thus, you can only use the tools mentioned in the “Letter of Engagement” for the attacks.

The exam consists of 35 questions of different types, including MCQs and flag submission questions, and you have 48 hours to complete it.

Unlike a CTF, you are given access to a DMZ network with active hosts (both Windows and Linux targets), replicating a real-world scenario. You need to perform various phases of a pentest, starting from Enumeration to Post Exploitation, and pivot to other hosts in the internal networks to answer the questions.

What’s my Background

I am a beginner, but I’m not completely new to pentesting: I had some prior experience doing CTF challenges on platforms like TryHackMe and HTB. Additionally, I completed the Practical Ethical Hacking course by TCM a few months ago, giving me a basic understanding of pentesting concepts. Still, the PTS course had many things that were new to me. It is also great, as it’s almost 150 hours long and has some deep and extensive info about certain concepts like enumeration, etc.

So if you are a complete beginner, it’s always better to start with TryHackMe, or you can do it alongside the PTS course.

How was the Exam for Me?

As mentioned before, the exam duration is 48 hours, which is more than enough time to complete it, even for a beginner.
In my case, I started the exam at 6:00 in the morning and finished it in about 12 hours. Initially, I felt some pressure, but gradually, I became comfortable.
I approached the exam systematically, starting by enumerating all active hosts. I performed an Nmap scan for all hosts and documented the results. Instead of rushing, I took a deliberate approach, approaching each target one after the other.

I conducted detailed enumeration on each open port, checking for common vulnerabilities and attempting to brute force credentials. To my surprise, the pivoting part, which I was initially worried about, turned out to be manageable. However, most of the questions I missed were from the Web hacking section.

Here’s How you can Crack it on Your First Attempt!!

  1. Everything you need to pass is in the PTSv2 course material. So take the course content seriously!! Take your time to grasp each concept fully. Rewatch videos if necessary.
  2. Enumeration is the Key to Success!!! The difficulty of the exam depends on how good you are at enumeration, because most of the questions can be answered just by properly enumerating the target. So the enumeration section is very important. All the others are also important, but make sure to give extra attention to the enumeration part.
  3. Take good notes!! I repeat: take good notes, as they will be very helpful during the exam and will also be good documentation for your future reference. Keep them simple and well-managed so that you can easily find what you want. Remember, a good pentester always has good notes.
  4. Master Nmap and Metasploit!! Nmap scripts and MSF modules can be incredibly helpful in the enumeration part. Also, the PTSv2 course has deep and extensive content about them, and Alexis, the instructor, does a great job of explaining them in detail.
  5. Read the Letter of Engagement, then Read it again! Familiarize yourself with the network setup and the tools allowed for the exam.
  6. Preview All Questions!!! Read through all the exam questions beforehand. Doing so provides hints and can significantly narrow down possibilities, making tasks like bruteforcing easier.
  7. Make yourself familiar with webdev platforms like “Drupal” and “WordPress” and how to attack them. It’s discussed in the course, but I felt it’s not enough. Tools like “wpscan”, which is allowed for the exam, are not discussed in the course.
  8. Don’t skip any course labs!!! They will give you a clue on how to do it on exam day. If you skip or don’t do any of the labs, you will have some problems during the exam.
  9. Use Google if Needed!! The exam is open-book, so feel free to use Google.
  10. And last but not least, Don’t Panic!! Remember that this is an entry-level exam and treat it like that. Don’t rush; approach the targets one by one. You have more than enough time to complete it. Take breaks if needed, have a nap, or do whatever you like if you feel stressed.

Another quick tip for Success

Leverage TryHackMe — it’s a valuable resource. It has everything you need to understand the fundamentals of penetration testing. They have a lot of Capture the Flag (CTF) challenges to help you practice different attacks that you learned throughout the course. In my opinion, use this as supplementary study material. If you are confident enough, solve the challenges during the course or once you finish the entire course. Here are some TryHackMe rooms that you can check out:
Blue, Ice, Bolt, Blaster, Pentesting Fundamentals, Ignite, Blog, Startup, Chill Hack, VulnNet: Internal, Poster, Skynet, Wonderland

Final Thoughts

The exam was challenging yet enjoyable. With good notes and proper practice, you can easily tackle it. Don’t let the difficulty overwhelm you; remember, it’s a beginner-level exam. Take breaks, stay calm, and best of luck to all future exam takers!

I hope this blog was helpful to you. Thank you for reading. You can follow me for more informative material on:

- Twitter: https://twitter.com/ab3lsec
- LinkedIn: https://www.linkedin.com/in/ab3lsec/
- Medium: https://medium.com/@ab3lsec
- GitHub: https://github.com/ab3lsec
