📋 A structured, hands-on walkthrough for preparing for the eLearnSecurity Junior Penetration Tester (eJPT) v2 certification exam.
| Section | Topics Covered |
|---|---|
| 🔧 Pre-Exam Setup | Tool verification, wordlists, Metasploit DB, note-taking structure |
| 🚀 Reconnaissance | Host discovery, Nmap strategies, question-first methodology |
| 🔍 Service Enumeration | Web, SMB, SSH, MySQL, FTP enumeration commands |
| 💥 Exploitation | Metasploit workflows, manual exploits, reverse shells |
| 🔐 Privilege Escalation | Linux/Windows escalation checklists, credential dumping |
| 🔄 Pivoting | Autoroute, port forwarding, proxychains for internal networks |
| 📝 Exam Strategy | Time management, documentation templates, troubleshooting |
📄 eJPT.pdf (Direct PDF Download)
💡 Tip: Right-click → "Save link as..." to download. View online via GitHub's PDF preview.
# 1. Clone this repo
git clone https://github.com/YOUR_USERNAME/ejpt-study-guide.git
cd ejpt-study-guide
# 2. Set up your lab (Kali recommended)
sudo apt update && sudo apt install -y nmap gobuster sqlmap john hashcat
# 3. Prepare wordlists
gunzip /usr/share/wordlists/rockyou.txt.gz 2>/dev/null
# 4. Follow the guide phases:
# Phase 1: Recon (30 min) → Phase 2: Enum (3 hrs) → Phase 3: Exploit (5 hrs)
Questions often contain hints about services, flags, or exploitation paths. Save hours by scanning all 35 questions before starting.
| IP | Hostname | Services | Credentials | Flags |
|---|---|---|---|---|
| 192.168.1.10 | WEB01 | Apache 2.4.29 | admin:admin123 | {eJPT_...} |
The same password often works across SSH, SMB, MySQL, and web logins in lab environments.
meterpreter> run autoroute -s 10.10.10.0/24 # Add internal subnet
meterpreter> run autoroute -p # Verify routes
Host Discovery
netdiscover -r 192.168.100.0/24 -i eth0
nmap -sn 192.168.100.0/24 -oG recon/live_hosts.txt
# Full port scan + service detection
nmap -sV -sC -p- -T4 -Pn -oN recon/[IP]_full.txt [IP]
# Web directory brute-force
gobuster dir -u http://[IP]/ -w /usr/share/wordlists/dirb/common.txt
msfconsole
search [service] [cve]
use exploit/[path]
set RHOSTS [IP]
set LHOST [your_IP]
exploit -j # Run as job
# Linux: SUID binaries
find / -perm -u=s -type f 2>/dev/null
# Windows: Unquoted service paths
wmic service get name,displayname,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows" | findstr /i /v """
This guide is intended for: ✅ Personal study and skill development ✅ Authorized penetration testing practice in lab environments ✅ Understanding penetration testing methodology
This guide is NOT for: ❌ Sharing actual eJPT exam questions, answers, or flags ❌ Violating INE/eLearnSecurity's Non-Disclosure Agreement ❌ Unauthorized testing of systems you do not own
📜 Always review the official eJPT exam policies and sign any required NDAs before attempting the certification.
Found a typo? Have a better command or strategy? Contributions welcome! Fork this repository Create a feature branch: git checkout -b fix/typo-section-3 Make your change + commit: git commit -m "fix: correct nmap flag in enumeration" Push and open a Pull Request
This study guide is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0).
✅ Share — copy and redistribute the material ✅ Adapt — remix, transform, and build upon the material Under these terms: 🔄 Attribution: Credit the original author 💰 NonCommercial: Do not use for commercial purposes 🔁 ShareAlike: Distribute derivatives under the same license
INE Academy — for the eJPT curriculum and lab platform HackTheBox, TryHackMe — for complementary practice The infosec community — for open-source tools and knowledge sharing Built with ❤️ for aspiring penetration testers. Stay ethical, stay curious. 🛡️🔍