Pereiti prie pagrindinio turinio

My experience on taking the eWPTXv2 exam

So a few months ago I had the joy of passing the eWPTXv2 exam. Well, it does not sound intriguing until you translate it into human language. The eWPTXv2 is actually eLearnSecurity Web Penetration Testing Extreme second version. Everything sounds better than you put extreme into it. Well, this is not that case since the exam is actually a bit hard.

The thing with security is that you have to earn your certificates and this is one of those cases. The duration of the exam is just 7 days for practical and 7 days for report writing. In summary, 14 days of joy and fun. If this already sounds exhausting, oh I mean extreme then prepare yourself for the following.

About exam

The cost of this is only 400 dollars. For such a price you get an exam attempt and an additional retake. Sometimes it is a great idea just to restart machines if something is not working and it feels like it should. Had a case where registration functionality did not work and after the machine reset the complete new attack surface opened up. Just doing a machine revert fixed it which led to vulnerability. Must be the case – works on my machine.

Nevertheless, the exam environment is very stable and dedicated so no one else is connected to it. You still have to send the report even though you have not succeeded. This is to ensure your retake does not expire. Also, some feedback from the examiners will be sent on achieved progress so far and what is still remaining. So this is actually not that bad. Of course, there is always a stress factor when thinking of failure. The key here is to understand that it is ok to fail and accept this as a learning experience. “Success is going from failure to failure without losing enthusiasm.” – Winston Churchill.

“Success is going from failure to failure without losing enthusiasm.” – Winston Churchill.

Exam goals

This is not a CTF-style competition where you have to locate flags and get points. This requires a proper Black box web penetration testing experience. The scope consists of several subdomains and IP addresses. So it is actually more than 2 web applications. Since this is not a vulnerability assessment the goal is to identify and exploit as many vulnerabilities as possible. Failure to do so may result in failing even though the main goals are satisfied. As usual on hacking events and other exams, the final objective is to execute commands on a web server and get a reverse connection – shell.

Exam restrictions

One of the fun parts is there are no restrictions to use any exploitation or scanner tools. This is great since it is very similar to the real-world scenario. This does not mean that there are any CVE’s waiting to be exploited. The exam is prepared in such a way that you have to know how to identify, exploit, and post exploited vulnerabilities that may or not be found in a preparation course for the exam. I can verify that a tool is only as good as its user. 

Exam preparation

I had the privilege of taking the exam course in order to prepare – course. Though it is not free and alternatives can be found. There is definitely value in the material and some things can be useful in the exam. Looking back it is clear that some things are just mandatory in order to successfully complete this. 

Evasion techniques. Some payloads just don’t work and it doesn’t matter how hard you tried or how far you have gotten. This is because filters are in place and you just have to know how to work around them in order to run your exploit properly.

Scripting. Scanners are ok, but they can only highlight an issue if there is any. Some vulnerabilities require proper exploitation which can not be done with any available tool. This is because exam machines require custom exploitation tools and the ones off the shelf do not work properly. Luckily for us, there are multiple custom exploitation scripts on the internet that we can tweak a bit and make them run. 

Mapping application. Since the exam is for web applications, prepare to approach this with no prior knowledge. This means you have to know your way around enumerating or mapping the web. This helps to identify the attack surface and create your own thread model. This is a must since it is not a CTF. 

„If you are into web security and have been intrigued by reading this. Then it might be the challenge you were looking for.“

Final thoughts

Focusing on the common issues first is a great approach that might result in success. Some vulnerabilities are just that and do not fit in any other attack chain whatsoever. Still have to be exploited or also can be exploited in different ways. This was a case we had with a colleague on our take. We solved the same issue differently. It took him only three actual days to solve it. While I thought of another approach which apparently was intended. 

Overall the experience is great. Reasonable price for a reasonable amount of time for the environment where you can break things to your left and right. If you ever wondered, now you know what hacker exams look like. After all, this is the best black box web penetration testing exam there is out there as far as I know.

If you are into web security and have been intrigued by reading this. Then it might be the challenge you were looking for.

Populiariausi blog'ai

  • Migrating from Xamarin to .NET MAUI: A Comprehensive Guide

    The world of mobile application development is constantly evolving, and Microsoft’s .NET Multi-platform App UI (.NET MAUI) is at the forefront of this change. As an evolution of Xamarin.Forms, .NET MAUI offers developers a modern, cross-platform framework for building native device applications. This blog post will guide you through the process of migrating your existing Xamarin.Forms application to .NET MAUI.

  • Socialinis intranetas „Simoona“ – dabar prieinamas kiekvienam!

    Šiame blog’o įraše papasakosime apie vidinės komunikacijos įrankį, mūsų kurtą socialinį tinklą „Simooną“. Tik prasidėjus kūrybos procesui mums rūpėjo tik viena – kaip kuo daugiau įmonės kultūros perkelti į skaitmeninę erdvę. Ir prieš aštuonerius metus, net neįsivaizdavome, kad šis vidinis intranetas, bus toks svarbus kuriant glaudžius ryšius tarp kolegų ir tikrai net negalėjome nutuokti, kokia svarbi „Simoona“ bus užklupus pasaulinei pandemijai.

  • ISTQB Certifiend Tester Foundation Level experience 2 -min

    Patirtis laikant For ISTQB Certified Tester Foundation Level 2018 sertifikatą

    Aš Ramūnas Norkus, jau beveik du metus Vismoje dirbu automatinio testavimo inžinieriumi „Inschool“ projekte. Kuris yra skirtas Norvergijos mokykloms ir, beje, yra didžiausias projektas Vismoje. Mano kasdienis darbas apima įvairias testavimo užduotis, susijusias su automatinių testų (frontend, performance, penetration) rašymu ir priežiūra bei rankiniu testavimu.

    Tad, tikriausiai nenustebsi, kad ir šis mano blog’as patirtį laikant vieną iš testavimo inžinieriaus sertifikatų. Įdomu? Skaityk toliau.