pwnaisec in pwnaisec.hashnode.dev · Jun 16 · 4 min read
How I Passed eJPTv2 with 88% on My First Attempt
Introduction: After months of learning, practicing, failing, and improving, I am excited to share that I successfully passed the eJPTv2 (eLearnSecurity Junior Penetration Tester) certification with an

Hmad in hmadsec.hashnode.dev · Jul 14, 2025 · 2 min read
eJPT - 4.1 CTF Introduction to the Web & HTTP Protocol
Question 1: Sometimes, important files are hidden in plain sight. Check the root ('/') directory for a file named 'flag.txt' that might hold the key to the first flag. For this task, we have been told that a website is running (on port 80) so we don...

Hmad in hmadsec.hashnode.dev · Jul 14, 2025 · 12 min read
eJPT - 4.1 Introduction to the Web & HTTP Protocol
Introduction: Web applications are software programs that run on web servers and are accessible over the internet through web browsers. They are designed to provide interactive and dynamic functionality to users allowing them to perform various tasks,...

Hmad in hmadsec.hashnode.dev · Jul 12, 2025 · 7 min read
eJPT - 3.6 Social Engineering
Introduction: In the context of penetration testing, social engineering is a technique used to manipulate individuals or employees within an organization to gain unauthorised access to sensitive information, systems or facilities. Social engineering w...

Hmad in hmadsec.hashnode.dev · Jul 10, 2025 · 4 min read
eJPT - 3.5 CTF Post-Exploitation
CTF 1, Question 1: The file that stores user account details is worth a closer look. (target1.ine.local) After doing an Nmap scan on the target, we can see that port 22 is open and running libssh for which there is a Metasploit module available to ex...

Hmad in hmadsec.hashnode.dev · Jul 7, 2025 · 19 min read
eJPT - 3.5 Post-Exploitation
Introduction: Post-exploitation is the final phase of a penetration test. It consists of the tactics, techniques and procedures that attackers undertake after obtaining initial access on a target system. It involves what you do once you have gained an...

Hmad in hmadsec.hashnode.dev · Jun 17, 2025 · 10 min read
eJPT - 3.4 CTF Exploitation
CTF 1, Question 1: Identify and exploit the vulnerable web application running on target1.ine.local and retrieve the flag from the root directory. The credentials admin:password1 may be useful. Firstly, let's run an Nmap scan. We can see that there i...

Hmad in hmadsec.hashnode.dev · Jun 14, 2025 · 14 min read
eJPT - 3.4 Exploitation
Introduction: Exploitation consists of techniques and tools used by adversaries / penetration testers to gain an initial foothold on a target system or network. You can only exploit a target if you know what is vulnerable. Exploitation methodology: I...

Hmad in hmadsec.hashnode.dev · Jun 4, 2025 · 4 min read
eJPT - 3.3 CTF The Metasploit Framework
CTF 1, Question 1: Gain access to the MSSQLSERVER account on the target machine to retrieve the first flag. Firstly, let's run an Nmap scan. We can see that an mssql 2012 server is open on port 1433. We can search in Metasploit for mssql 2012. We wil...

Hmad in hmadsec.hashnode.dev · Jun 3, 2025 · 15 min read
eJPT - 3.3 The Metasploit Framework (II)
Linux Exploitation: View some of the notes for this section here - Enumeration Page. FTP Server: Firstly, let's run an Nmap scan. We can see that vsftpd is running on port 21. We can now search for vsftpd and we see that we have an exploit module (vsft...