Now, obviously my memory will be a bit hazy as it has been over three months, and I don’t want to include any exam spoilers, but I will do my best to describe the exam and my process.
Day 1 (2/14)
I started off the evening with a nice, romantic Valentine’s Day dinner at Taco Bell with 2 close friends.
The exam kicks off at 9:28pm, and I have nothing but my wits, skills, and 6 Sugar Free Amp energy drinks to help me.
A lot of enumeration and understanding of the network and externally facing systems. Some planning, but I’ve never been great about that.
TONS OF SCREENSHOTS (Evernote is my hero)
Some progress as of 24 hours and 3 energy drinks in (~144 hours and 3 energy drinks remaining), but too early to tell.
According to the VM timer I spent around 10+ hours in the environment this day, and didn’t get too burnt out (yet).
A bit more progress (and a lot more frustration) as of ~48 hours and 4 energy drinks in, but a lot to go.
(no day 4 update)
After ~76 hours and 5 energy drinks (~92 hours and 1 energy drink remaining) I did not make any more progress, other than increased frustrations.
At this point I start to go back over everything both network and lab wise, to try to decide what I might be missing or forgetting.
Additionally, I’m taking screenshots and noting everything down, to prepare for my report.
This is also the point where I start trying to randomly brute force EVERYTHING…not the best solution.
~122 hours and 6 energy drinks in (~46 hours and 4 energy drinks (thanks to a friend for the surprise) remain), and I’m making progress again.
Always remember that there are multiple ways to attack something, as well as different payloads…this was something that caused me no shortage of frustration (TRY MORE THAN ONE PAYLOAD NEXT TIME).
“All” that I have left at this point is some custom exploit dev and the DMZ.
Day 6 night/7 morning
The custom exploit dev went along without too many hitches, and with a pretty interesting solution. (Shouldn’t be a spoiler) Instead of a more standard payload (was running into issues), my exploit remotely deleted a user, added that user back, made them an administrator, and then enabled RDP.
At this point I have ~18 hours left and nothing but the DMZ left.
As of 11am on the seventh day (~146 hours and 7 energy drinks in), I obtained root level access in the DMZ, thus completing the testing part of the exam.
All that was left at this point was a bit more information (AND SCREENSHOT) gathering, and verifying that I found every vulnerability on the machines instead of just one.
Then I had 7 days to write the report (had 99 pages of unformatted screenshots and notes at this point).
While I don’t have many notes on my report itself, I’ll try to give an understanding of how it went.
I started with 99 pages of screenshots and mostly unsorted/unformatted notes.
From here I sorted them out, added headers, and began looking at sample Penetration Test reports.
All in all, my report ended up being 50 pages in total including an Executive Summary, Vulnerability report (including remediation steps), and source code Appendix.
While writing the report wasn’t that hard with all of my notes, it was still something very new to me, and a valuable experience.
The only real advice I could give on this is to take constant screenshots and notes, make sure you have a format in mind, and don’t wait until the last minute.
As of March 7th @ 12:12pm, I received the following e-mail:
“Our instructors at eLearnSecurity want to congratulate with you and award you with the eLearnSecurity Certified Professional Penetration Tester certificate. You are now an eCPPT!”