Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
I finally took my eWPT exam this past weekend, so it is nice to have another cert out-of-the-way.
While I can’t give away too much information about exam specifics, it was fairly straightforward.
To quote NovaHax on TechExams:
The exam starts with a wildcard domain, and the goal of finding all vulns in all subdomains. I started by performing some subdomain enumeration, but I won’t get into too many details about that.
Once all the domains are found, the test becomes a standard web app pentest. Paying attention to all information gathered, as well as ALL possible venues of exploitation is very important.
In the end, I ended up with over 10 vulns for the entire web application and a 39 page report.
I am currently awaiting reviewer feedback on my report, but I’m fairly confident about my current status.
The reviewer has 30 business days to give feedback, but I know that my eCPPT only took about seven. I will be on vacation during the holidays, but I am hoping to know how I did before then.
This was an enjoyable cert, is relevant to my current position, and surprisingly useful (even considering my experience).
Once I return from the holidays, I plan on starting the eWPTX course.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.
Wow thanks for the feedback! What is your current job title? You said this very was relevant to what you do now.
Thanks, and always glad to provide feedback on certs/course I take!
Current job title is Penetration Tester, but a large focus is definitely on web applications.
I didn’t expect to learn anything going into this one (figured it would be a refresher before eWPTX), but was pleasantly surprised.
That is my dream title 🙂 I only have the eJPT at the moment. Do you think I should focus on getting the ePPT or the eWPT?
Haha, yea, it’s a pretty sweet gig once you finally get into it.
I suppose it would depend on what you’d prefer to do, as well as your current skill-set.
The eCPPT is closer to the OSCP, which will definitely help as far as getting a foothold into a pentesting position is concerned. That said, the eWPT is far more useful as far as web applications are concerned, and this is what you will primarily run across in most organizations.
I’d recommend eCPPT -> OSCP -> (other certs) from a general career standpoint though.
hey man,
great notes on the course, good work on that.
can I ask a question though, I have access to the mysql db but can’t get the –password option to work. I believe I should be able to get hashes from it and crack those to access a subdomain… but no luck. I have proxy’d it through burp and can see it’s running correctly… any advice would be greatly appreciated.
Hi Amy,
First, sorry for the confusion, but I have to manually approve comments to avoid spam!
That said, thanks for the feedback on the course.
As far as having access to a database, but no hashes is concerned, that is usually a permission issue. If you don’t have high enough privileges on the database, you may not be able to dump the saved passwords. That said, the application itself might be storing passwords in a different database/table. Additionally, you may not need the MySQL credentials to move laterally.
Good luck!
Thanks for the reply! I’m going to take your advice and go for the eCPPT, followed by the OSCP. I have little experience in Pen Testing. I do it at work from time-to-time but not a lot. I don’t think my eJPT cert has any weight in the infosec world haha.
I forgot to check the “Notify me of follow-up comments by email” box which is why I replied twice lol
Hey man, first off congrats! I am a system engineer but my work has allowed me to pursue Infosec certs. Hoping one day to become a pentester like yourself.
I am just finishing up on eCPPT and hoping to take the exam over the up and coming holidays. It’s good to hear that eCPPT is very close to OSCP as I plan on getting that cert in the near future.
I have been “trying” to participate in bug bounties as a way to learn web app sec. From your experience, the eWPT course even taught you a thing or two considering you’re a season pentester?
I feel that pentesting will move more into web app based testing in the near future with the adoption of cloud based technologies. Do you agree with that statement?
Thanks and looking forward to reading about your experience on eWPTX course.
Hi Chris,
Thanks for that, and good luck!
OSCP is a great follow-up to eCPPT, especially if you really followed the material and learned. The eWPT definitely taught me a bit even as a pentester, so I’d recommend it. I’m looking forward to the eWPTX, as it should be even more advanced.
I think that there will always be plenty of Web App Pentesting, and it is actually already in the majority.
Good luck with the certs, and let me know if you have any other questions.
Thanks for the review. I’m currently working through the WAPT course. I signed up for the course only to prepare for the WAPTX course and fill in gaps in my knowledge. I’m impressed with the course materials and I’ve definitely learned new things from it even it has only “filled in the gaps”. I wasn’t planning on taking the exam but after reading your review I’m looking forward to it now.
Glad you found the review useful, and it was a good course.
That was exactly how I felt taking the course, but it was definitely more than just a refresher for WAPTX. I’d take the exam if I were you, as it never hurts to have the cert/proving the experience.
Good luck!
Hey Doyler! Hope all is well in the InfoSec world! I just got back my results for this exam and I failed :(. I wasn’t able to gain admin access and I ended up with about 10 Vulner. Any hints or tips on what I should be studying more? Any feedback would be appreciated.
Thanks!
Josh
Hi Josh, it is, thanks for asking!
That’s too bad to hear, hopefully next time you’ll get it. I had roughly 14 vulnerabilities, so you weren’t too far off…
As far as what you should be studying, it will mostly revolve around what you missed or think you missed. That said, I’d suggest really looking back over SQLi, XSS, and unrestricted file uploads.
Good luck!
Thanks for the feedback as always Doyler! I’ll let you know once I get the cert!
Thanks again and goodluck with the eMAPT! I bought the bundle (eMAPT, eWPT, eWPTX, and eCPPT) so I’ll be adding it to my arsenal soon!
Hi,
Great article
I have done my first attempt of ewpt and found the userID and hashes, anyway I wasn’t able to crack the hash and get the admin access, I submitted the report and waiting for the reviewer to come back. Then I think i can start the 2nd attempt.
Is the way I followed is correct ? I need to crack the hash to get the admin access right ?
in that case could you please provide me any hint, that I can use to crack this hash.
PS: Not asking the exact answer, just a hint 🙂
In any engagement, if you find password hashes, you probably don’t need to crack all of them. That said, cracking one hash could be a great benefit, since you could then access the application.
Hello Kumaran,
Try https://crackstation.net
Goodluck, I’m submitting my report today. I failed it twice already. Third times the charm!
Josh
Yes, a great resource for checking hashes that you already have.
Good luck Josh, let me know how it goes!
Will do! Thanks for everything!
Just got results back and I passed!
Thank God!
Awesome, congrats!
Thanks! I plan on taking the WPTX next…but after reading your review on it…I’m not sure I’m ready to put my brain through that haha!
Hello Kumaran,
I am curious to know your result, even i am on the same boat of userID with hashes,
Hi Shinny,
Good luck, and don’t forget to try something like https://crackstation.net
Hey doyler,
Tried that. No good from it.
Thanks.
Hey Shinny,
Crackstation didn’t work for you? Hmmm you sure you have the right hash.
Any questions (can’t give you the answers) you can also shoot me an e-mail: [email protected]
Hey Doyler I have a question. In your opinion, which was more difficult, eWPTX or eCPPT?
I’m trying to decide which of the two to take next. I would like to get it before the year is out.
Hmm, probably the eWPTX? That said, they’re different certs, so it really just depends on what you’re looking for.
There is little to no overlap, so one isn’t really going to prepare you for the other.
Hi Doyler,
I’m doing the eWPT right now and am completely stuck on the final stage. I have access, I’ve found two good places for what I’m pretty sure is how you get admin but nothing is coming back. Both work against myself but short of being able to send the admin an email or something I’m stumped.
Any pointers?
I’d keep looking around for what you have and haven’t found yet. If something works against you, maybe it is persistent and can be seen by others?
That said, you definitely don’t need to send any e-mails, especially not to get admin!
Not sure if you maintain this blog post
But I’ve been at it for a long time
I would appreciate a nod on the right direction regardig sqlmap tamper scripts it’s on the challenges
Would it be possible to ask for an email exchange?
Sorry, no cheating or spoilers on the exam!
That said, starting from existing tamper scripts and modifying them made life SO MUCH EASIER for me.
“EXCELLENT, THANK YOU ! Another tip, if you don’t see Lifeframe in all programs (because mine didn’t) just type it in and it will come up on the top in a box that doesn’t look like it’s clickable, but click it. Once it opened, I right clicked the icon and pinned it to my task bar so I don’t have to hunt it down any more.
“
Liveframe?
Hi Doyle,
Did the exam and got admin access but still did not pass.
The feedback from the examiner does not make much sense. “outside scope of engagement.”
Found a phone-related domain and included it in the report. (should I remove this part from my report?)
Any help is appreciated.
It sounds like you made some decent progress, but didn’t get quite enough to pass!
If you received a message that something was out of scope, then it likely means that you attacked something you weren’t supposed to.
When performing any sort of penetration test, be sure to limit your attacks and report to ONLY the agreed-upon scope.
Good luck!
Hello
I am about to deliver my report, I have administrator access and 10 vulnerabilities found, do you think that is enough to pass?
Greetings.
As long as you found every vulnerability, then you should be good to go. Hopefully it went well for you!
I failed in first attempt of eWPT. I reported several vulnerabilities such as sql injection, file upload and also found one user credentials using SqlMap. Didn’t able to crack admin hashes and hence not able to login to any admin area. Can you please give me hint.
No spoilers, but be sure to follow all of your enumeration steps INCLUDING post-exploitation.
Good luck!
I appeared for eWPT exam and reported several vulnerabilities such as SQL Injection, File Upload. I also found one user credentials using SQLMap. But not able to crack hash for admin users. Can you please give me hint that how I can crack that hash and access admin area.
No spoilers, but be sure to follow all of your enumeration steps INCLUDING post-exploitation.
Good luck!