
eCPPT GOLD

V1.1 - 04/11/2013

EXAM MANUAL

1) CERTIFICATION PROCESS
2) Windows Users Configuration
3) Linux users Configuration
eCPPT GOLD EXAM Manual

1. CERTIFICATION PROCESS
Step 1. OBTAIN A VOUCHER
Whether you are attempting the ECPPT certification
exam on your own or after having attended one of our
approved training courses, you will need to obtain a
voucher before you can start your certification process.

Please note that Penetration Testing course Professional includes a free
voucher in all plans.

Once you obtain the voucher you will receive login credentials to our
Certification area where you will manage the exam, the VPN credentials
and anything related to the certification process from the beginning up to
the shipment of your certificate.

Step 2. BEGIN THE CERTIFICATION PROCESS


Every voucher expires after 180 days from purchase. (eCPPT Silver
voucher expired after 120 days).

Before the certification expires, you will have to begin the certification
process by clicking on "Begin certification process".

The expiration date will always be available in your certification area and
reminder emails are sent to make sure you take advantage of the
voucher.

eLearnSecurity s.r.l. © 2013 | eCPPT GOLD 2


Step 3. PERFORM YOUR TESTS


As soon as you click on the "Begin certification process" button you will
receive an email with instructions regarding the scope of engagement.

This letter will contain exactly what you should test and how.

At this point you will start your penetration test against the designated
targets, take note of your findings and start creating your report.

The exam network will always be available 24/7 for 7 days and dedicated
to you.

At any time you will be the only one on the network and will be able to
reset the scenario should you damage it during your tests.

You can also pause the lab and resume from where you left off by simply
clicking Start/Stop buttons in the Certification area as you would do with
any other Hera Lab scenario.

Step 4. UPLOAD YOUR REPORT


Once you have performed a comprehensive penetration test, it's time to
finalize your report.

This should be a commercial grade report proving all of your findings and
providing remediation steps for your client. When ready, and no later than
14 days from the beginning of the certification process, you will upload
your report in PDF format for review.


Step 5. OBTAIN RESULTS


One of our instructors will carefully review your report and, if your
findings and the quality of the report are deemed sufficient to pass the
exam, you will become an ECPPT.

Should you fail the first attempt, the instructor will provide you with
valuable feedback. Armed with this information you will have a free retake
to be used within 7 days to upload a new report.

The 7-day retake period begins from the moment you review the examiner's
feedback. During this period the exam lab network will be re-opened for
further tests.

In any case a new report should be uploaded no later than 14 days from
the date you receive the first attempt results by email.

Once you pass the exam you will find the digital certificate immediately
downloadable and verifiable. You can also have it printed on a beautiful
matte paper and shipped to your home (international shipping available) if
your voucher includes a shipment (otherwise you can purchase it
separately).


Step 6. CERTIFICATION PROCESS OVERVIEW


2. WINDOWS USERS CONFIGURATION


Step 1. DOWNLOAD OPENVPN CLIENT
Before starting your Lab, download and install OpenVPN Client (Connect
or Desktop) from here:

http://openvpn.net/index.php?option=com_content&id=357

Once the client is installed, reboot your system (you actually have to
reboot to avoid later issues).

Step 2. CREATE USER AND PASSWORD


In order to connect through the VPN, you first need to create a
username and a password. To do that, open the ‘Manage your
credentials’ tab.


Step 3. BEGIN CERTIFICATION PROCESS


In order to start your exam you have to click on the button “Begin
certification process”.

And then click “I Agree” in the next dialog box.


Step 4. START THE LAB


You can start the Lab by clicking the ‘Start’ button.

Note: The first time, the lab can take up to a few minutes to start.

Once the lab is deployed, the VPN icon will become green.


Step 5. DOWNLOAD CONFIGURATION FILES


To start a lab, you need to download the certificate file (.crt) and the lab
configuration (.ovpn). The certificate file will be used for all labs (you can
download it once), while the configuration file (.ovpn) is unique for each
lab (you need to download it every time you want to start a new lab).

To download the certificate and the configuration files, click on the two
icons in the ‘Tunnel Files’ column:

Note: Certificate and configuration files must be stored in the same folder
to work.


Step 6. CONNECT
Once the lab is ready, open your OpenVPN Client and import the
configuration file as follows.

Click the ‘+’ to import the configuration file.

Choose ‘Local file’ and click ‘Import’.


Choose the vpn file downloaded before.

Note that you can also drag and drop the .ovpn file into the
OpenVPN Client interface.

Choose a name for the VPN tunnel and save it.

The tunnel has been created (Lab1).


Once the tunnel is created, click on the new icon (Lab1 in this case), and
then insert your credentials (see Step 2).

Insert your credentials (Step 2), check ‘Remember password during this
connection’, and then click ‘Login’.


If the connection is working you should see the following messages:

When the connection is established, you should see something like this:


Step 7. CONFIGURE HOSTS FILE


Lab machines (like the web server and internal organization machines) are
not connected to the Internet.

In order to connect to the target organization website you have to insert
the following two static rules in your hosts file:

o 10.90.60.80 foophonesels.com

o 10.90.60.80 intranet.foophonesels.com

------------------------------------------ hosts path ---------------------------------------

- Windows: C:\Windows\System32\drivers\etc\hosts

-------------------------------------------------------------------------------------------------

Step 8. TEST THE TUNNEL


If the tunnel works, you should have a new network interface with the
same IP address displayed in the OpenVPN client.

Also test your connection to the lab by opening the following URLs:

o http://www.foophonesels.com
o http://intranet.foophonesels.com


Step 9. STOP THE LAB


Once you have finished using the lab, remember to stop it by clicking on
the ‘Stop’ button in the Members area.

Step 10. UPLOAD THE REPORT


Once your penetration test is completed, you can upload the report (PDF
format) in the following box.


3. LINUX USERS CONFIGURATION

Step 1. DOWNLOAD OPENVPN CLIENT
Before starting your Lab, download and install OpenVPN Client from
here:

http://openvpn.net/index.php?option=com_content&id=357

Once the client is installed, reboot your system (you actually have to
reboot to avoid later issues).

Step 2. CREATE USER AND PASSWORD


In order to connect through the VPN, you first need to create a
username and a password. To do that, open the ‘Manage credentials’ tab.


Step 3. BEGIN CERTIFICATION PROCESS


In order to start your exam you have to click on the button “Begin
certification process”.

And then click “I Agree” in the next dialog box.


Step 4. START THE LAB


You can start the Lab by clicking the ‘Start’ button.

Note: The first time, the lab can take up to a few minutes to start.

Once the lab is deployed, the VPN icon will become green.


Step 5. DOWNLOAD CONFIGURATION FILES


To start a lab, you need to download the certificate file (.crt) and the lab
configuration (.ovpn). The certificate file will be used for all labs (you can
download it once), while the configuration file (.ovpn) is unique for each
lab (you need to download it every time you want to start a new lab).

To download the certificate and the configuration files, click on the two
icons in the ‘Tunnel Files’ column:

Note: Certificate and configuration files must be stored in the same
folder.


Step 6. CONNECT
Once the lab is ready, open a new terminal, then:

1) move into the folder where the certificate and the configuration file
reside, then

2) run the following command:


>> openvpn lab_configuration_file.ovpn

If the connection works, you have to insert your credentials (see Step 2)
and then confirm. Once the connection is established, you should see
something like this:


Step 7. CONFIGURE HOSTS FILE


Lab machines (like the web server and internal organization machines) are
not connected to the Internet.

In order to connect to the target organization website you have to insert
the following two static rules in your hosts file:

o 10.90.60.80 foophonesels.com

o 10.90.60.80 intranet.foophonesels.com

------------------------------------------ hosts path ---------------------------------------

- Linux: /etc/hosts

--------------------------------------------------------------------------------------------------

Step 8. TEST THE TUNNEL


You can test the tunnel by running ifconfig:

If you see a new network interface (tap0), the tunnel works fine.
Also test your connection to the lab by opening the following URLs:

o http://www.foophonesels.com
o http://intranet.foophonesels.com
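
The Linux hosts-file setup of Step 7 and the interface check of Step 8 can be scripted so that repeated runs neither duplicate entries nor silently override an existing mapping. This is an added example, not part of the original manual; the function names and the `--apply` flag are hypothetical, while the IP address, host names and `tap0` are taken from the manual.

```shell
#!/bin/sh
# Added example (not from the manual): idempotent lab hosts entries + tunnel check.
LAB_IP="10.90.60.80"                                    # from the manual
LAB_NAMES="foophonesels.com intranet.foophonesels.com"  # from the manual

# has_host_entry FILE IP NAME: succeeds if an uncommented line maps NAME to IP.
has_host_entry() {
    awk -v ip="$2" -v name="$3" '
        { sub(/#.*/, "") }                       # drop comments before matching
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# conflicting_entry FILE IP NAME: succeeds if NAME already maps to another address.
conflicting_entry() {
    awk -v ip="$2" -v name="$3" '
        { sub(/#.*/, "") }
        $1 != ip { for (i = 2; i <= NF; i++) if ($i == name) bad = 1 }
        END { exit bad ? 0 : 1 }' "$1"
}

# add_lab_hosts FILE: append only the missing lab entries; stop on a conflict
# instead of leaving two mappings for the same name.
add_lab_hosts() {
    file="$1"
    for name in $LAB_NAMES; do
        if conflicting_entry "$file" "$LAB_IP" "$name"; then
            echo "conflict: $name already maps to another address in $file" >&2
            return 2
        fi
        has_host_entry "$file" "$LAB_IP" "$name" ||
            printf '%s %s\n' "$LAB_IP" "$name" >> "$file"
    done
}

# tunnel_up [IFACE]: succeeds if the interface exists (tap0 per the manual).
tunnel_up() { [ -d "/sys/class/net/${1:-tap0}" ]; }

# Hypothetical invocation, as root: sh lab_hosts.sh --apply
if [ "${1:-}" = "--apply" ]; then
    add_lab_hosts /etc/hosts && tunnel_up tap0 && echo "hosts set, tap0 present"
fi
```

After the exam, the two lines can be removed from `/etc/hosts` so the names no longer resolve to the lab address.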


Step 9. STOP THE LAB


Once you have finished using the lab, remember to stop it by clicking on
the ‘Stop’ button in the Members area.

Step 10. UPLOAD THE REPORT


Once your penetration test is completed, you can upload the report (PDF
format) in the following box.
