‘Black Box’ Test on eJPT Exam

Gustav Shen
Jul 11, 2021

I have studied the OSCP/PWK course for 2 weeks, have gone through the textbook and finished the PWK Lab Learning Path (11 Boxes). To check my staged learning outcomes, yesterday evening I suddenly came up with the idea to register for eLearnSecurity’s eJPT Exam and take it immediately, without any preparation or training (PTS). Yep, it was a black box test for me to take the eJPT exam. And after about 4 hours, I passed it. Since I did not study PTS, maybe I cannot give an accurate impression and review of the eJPT course PTS; however, I want to share my experience and review of the eJPT exam itself.

Actually, I had heard of eJPT before; I know it is a 72-hour fully hands-on exam which consists of 20 questions. I also read some reviews about it, and they are all quite positive. Therefore I was curious about this exam, but unfortunately I didn’t have time to study PTS and take the exam because I keep taking exams and then registering for the next certification course immediately. Many reviews’ authors say the exam does not really require 72 hours; they usually complete the exam in about 8 hours and the exam itself is not difficult. I believed the exam was within my skill level, therefore I decided to have a ‘black box’ try.

Here is the timeline:

7/10 22:40: Purchased eJPT exam voucher

7/10 22:40–7/11 00:10: Completed registration steps, ate some food and drank some water in case of being hungry or thirsty during the exam

7/11 00:10–7/11 3:02: During the exam

7/11 3:02: Submitted the exam and passed it

I got 18/20 on the exam. Actually I answered 18 questions, and there were two questions related to the FTP service, but I could not connect to the target’s FTP service by any means with my Kali VM, and I knew my points were enough for passing, therefore I chose these two questions’ answers randomly and submitted the exam. It turns out that my randomly chosen answers were all incorrect lol

Exam Procedure:

Start the exam on my portal at any time, and then download the engagement files. The engagement files include an OpenVPN configuration file, an engagement letter, a username and password list, and a traffic capture file. The engagement letter describes the scenario of the simulated pentest and guides me on how to complete the exam; it is detailed and helpful. The provided username and password lists are much shorter than what we usually use, such as the rockyou dictionary. The traffic capture file helped me analyze and get an overview of the virtual company’s internal network. There are 20 multiple-choice questions following the process of a pentest; some questions have more than 1 answer while some are True/False questions. Answering 15 or more questions correctly is required to pass the exam. The exam is 72 hours and, just as I said previously, that is quite enough. When finishing the exam, submit it and you will get the result immediately.

My personal exam experience:

To be honest, I was stuck at the first and second questions for half an hour. But I did not waste the time. I used the time to run autorecon against the directly connected live hosts. Yes, there are some other live hosts which are not directly connected to the client’s network; pivoting or routing skill is required to discover them. The reason why I was stuck at the first two questions is that I mistakenly thought the exam was a hackthebox-like box. Run Nmap to enumerate -> Search Public Exploit -> Exploit -> Get a shell -> Capture the secret file: this procedure could not solve everything in the exam. Then I thought of the engagement letter and the traffic capture file. I read and checked each of them carefully and finally found clues. I completed the first two questions and found the indirectly connected live hosts. The other questions were quite straightforward and simple, and I finished them very soon, except those two questions related to a host’s FTP service, which I could not connect to by any means. The two FTP-related questions were also very simple and straightforward; I could have solved them if the connection had worked.

Summary of exam

1: Routing or Pivot is required

2: Not hackthebox-like!!! Engagement letter and other included files are important!!!

3: Although the process and scenario of the exam are more like a real-life pentest, enumeration and exploitation are quite straightforward and simple (I can’t imagine a quite old exploit can be used for multiple hosts successfully)

4: No need to root every host, enumeration can solve most of the questions

5: PE is not needed

My Tips during the exam

1: When it comes to password cracking or username enumeration, have a look at the provided username and password list.

2: Questions are simple and straightforward, don’t make it complex

3: For some questions, you can check the answers manually one by one. For example, which is XXX’s password? You can try to log in with each one, and you can also search for the options in the provided password list, and you will find only one option exists.

Sample Questions

1: Which is Alice’s password?

2: What is the content of xxx.txt?

3: How many [one type of network device] are in the internal network?

Used Tools

1: Autorecon (Nmap included)

2: Burp Suite

3: Firefox with FoxyProxy plugin

4: Nikto

5: Dirb

6: Msf

7: Sqlmap

8: Hashcat and Hydra (But they did not help with my answers)

Final Summary

1: Entry-level exam with straightforward and simple questions

2: Real-life-like pentest with obvious and simple vulnerabilities in hosts

3: It is fun and high-quality!!!

4: Very forgiving and friendly
