C|PENT Review, Preparation Tips, and Cyber Range Experience: Advice From a Licensed Penetration Tester (Master)

Before sharing my experience with and advice for the Certified Penetration Testing Professional (C|PENT) program, I must mention that C|PENT is different from other programs. While preparing for C|PENT, I learned many new, cool concepts and practiced them in EC-Council’s iLabs and Cyber Range. There are so many concepts and technologies that you will learn about in this course. I cannot outline all of them here, but I will try to highlight the most important ones.

With C|PENT, you don’t just get a certificate; you earn it. The program equips you with real-world knowledge of how penetration tests are done and what you can expect when you jump into cybersecurity as a career.

C|PENT Preparation Tips

I began preparing by watching all the videos and then moving to the course materials. My advice would be to not skip any of the pages, as there is always something new, even when the topic seems repetitive. For instance, I was astonished when I noticed something new in Linux even though I have been using it for a long time. One of the best things about C|PENT is that you learn to do the same thing multiple ways; this ensures that you always have a backup plan during a real penetration test.

When reviewing for the C|PENT exam, keep the following things in mind. My most important advice is to make exhaustive notes, as this will be a lifesaver. During the exam, you don’t want to spend time searching for the command that will give you root or admin access. I suggest making two sets of not

  1. Explanation of the theory: In these notes, you’ll describe how something works and how it can be exploited, the theory behind certain exploits, and so on.
  2. Commands with brief explanations: This set of notes is more important and will be useful throughout your cybersecurity journey. Note the commands and provide a short explanation—preferably, use variables that you can define in your penetration test exercise. The ones that I used in my notes were:
    • $MYIP: IP of my attacking machine
    • $IP: IP of the machine that I wanted to attack
    • $IPRANGE: Range of the IP address that I wanted to scan or exploit (for password spraying, Nmap, and others)
    • $HOSTNAM: DNS name of the host that I wanted to attack

Practice all the exploits and concepts. Although you get 6 months of iLabs access, the time will fly by, as there is a lot to learn. While doing the labs and practicing on the Cyber Range, I also wrote the aliases, functions, and scripts in Bash and Python to ensure that I could do it faster next time. I had a lot of aliases defined for many commands, and with practice, I had most of them committed to muscle memory.

Practice pivoting if you are not used to it. Initially, you will not realize how difficult it might be to exploit a box when you cannot reach it directly, but having a good understanding of networking and how subnets work will help you in the long run. And don’t forget that double pivoting needs double the practice, if not more.

Let’s take an example of the script I used. I called it connect.sh and used it only to connect to any host that I had compromised. First, I had a text file (named creds.txt) that contained details of how I wanted to connect to the machine. It looked something like this:

As you can see, the fields are separated with a pipe symbol, and each line has a connection method, IP address, username, and password. Now for the script:

## Read the creds.txt file in current folder to get the creds and connect method

rdp='xfreerdp /dynamic-resolution +clipboard /cert-ignore +auto-reconnect /auto-reconnect-max-retries:3 /v:$IP /u:$USER /p:$PASS /t:$IP /rfx +fonts '

rdph='xfreerdp /dynamic-resolution +clipboard /cert-ignore +auto-reconnect /auto-reconnect-max-retries:3 /v:$IP /u:$USER /pth:$PASS /t:$IP /rfx +fonts '

ssh='sshpass -p $PASS ssh -l $USER $IP'

winrm='evil-winrm -u $USER -i $IP -p $PASS'

winrmh='evil-winrm -u $USER -i $IP -H $PASS'

smb='impacket-smbexec "$USER:[email protected]$IP"'

ps='impacket-psexec "$USER:[email protected]$IP"'

w=( $(grep $1 creds.txt | sed 's/|/ /g') )

export IP=${w[1]}

export USER=${w[2]}

export PASS=${w[3]}

echo ${!w[0]} |envsubst

if [[ $2 == p* || $3 == p* ]] then

eval proxychains4 ${!w[0]}



if [[ $2!= "" ]]


w=( $(grep $1 creds.txt|grep $2 | sed 's/|/ /g') )

export IP=${w[1]}

export USER=${w[2]}

export PASS=${w[3]}

echo ${!w[0]} |envsubst

eval ${!w[0]}


eval ${!w[0]}

  Note that this script saved me a lot of time and served two purposes. At the end of the exam, I had all the usernames, passwords, and access mechanisms in one file (i.e., creds.txt for reference. In addition, and most importantly, despite there being so many machines and ranges, I did not struggle to search for usernames or passwords in my notes. This is only one example of a script I used; I created numerous others during my practice in iLabs and on the Cyber Range, which was helpful. The scripts will also enable you to organize logs and your report

How to Navigate Challenging Topics

The C|PENT program is very challenging; even the web range that you find on many other platforms is not as straightforward in C|PENT. A few topics are more difficult than others because there are not many options to practice these areas. Let’s have a look at some of the difficult topics and tips to navigate them.

Pivoting and Double Pivoting

You will not find this on any other cybersecurity training platform, and very few blogs and YouTube videos are available on this topic. So, make the best use of the lab time to figure out how this technique works.

Note down the issues you can run into if you try double pivoting. When pivoting, some things will not work the way you expect them to; try to understand why.

Binary Exploitation

Although I love binary exploitation, I still have not been able to fully master it, as there are too many things to learn. Address space layout randomization (ASLR) and return to LIBC (ret2libc) are some of the things that I found fascinating. Differences between 32- and 64-bit binaries, how they work, and how to exploit them were other challenges.

Active Directory Range

This is something I enjoyed learning in C|PENT. The first thing I learned is that Active Directory (AD) is not accessible from outside the network, so you need to pivot—and when you pivot, strange things happen.

To top it off, some of the tools you will find online will not work as is, so you need to understand why they do not work and then fix them to get the information you need. This is a real challenge.

My Cyber Range Experience

My favorite Cyber Ranges were the binary exploitation, AD, and double pivoting ranges. Above, I explained the challenges I faced. Here, I share what I learned in my favorite Cyber Ranges.

My C|PENT advice would be to spend a lot of time in iLabs to understand the concepts. Practice techniques that don’t seem easy multiple times, and finally, when you feel you are ready, go for the Cyber Range. Spend a lot of time mastering Cyber Ranges you find difficult. Ensure that you find and get root or admin access on all of them, but remember that there are systems where you will not get any access or not get admin or root access, and you should know when to move on. Learn and understand when you want to stop trying to get user-level or root access; this will be helpful for you on the exam. Note down what you have found and attempted, and then move on.

AD Range

  1. You cannot access all the machines directly.
  2. There could be antivirus software, firewalls, or other defense mechanisms on the machines, so be prepared. The firewalls are simple, not next generation, but a Windows firewall could be enabled on the host.
  3. You need to use pivoting here.
  4. Practice post-enumeration, as you don’t learn much about it in capture-the-flag (CTF) exercises and it is very important for C|PENT. Post-enumeration will tell you how the network and other machines are configured. Again, list what you want to capture from the machine once it is compromised. Don’t be afraid to record more details than required.

Binary Analysis

  1. Learn the concept.
  2. Understand how it works.
  3. Follow the process and understand what you need to do when you encounter binary exploits. Following the process—along with a lot of Googling—is a very important part of understanding why something does not work.

Double Pivoting

You must practice this in the lab or Cyber Range. You will not be able to do this in your own setup unless you do some complex configurations, so use the Cyber Range to learn something new, if you have not already done so.

Internet of Things and Operational Technology

Learn the tools and techniques needed to penetration test Internet of Things (IoT) and operational technology (OT) devices. Remember what you need to do when you get a machine on the Cyber Range.

Valuable Tips to Crack the Exam

These C|PENT tips helped me ace the exam:
  1. Don’t hesitate to try password guessing, cracking, and spraying. This could be an easy win and save you time, though don’t waste your time waiting for results. While the tool is doing its thing, continue with your enumeration and find what you can do next. Don’t hesitate to try different tools. They all work differently, and sometimes your second favorite tool can get you the password you need.
  2. The domain controller (DC) will not be accessible from the outside, so be prepared. Practice this well and keep your tools ready for ADRecon.
  3. Have your commands and scripts ready; you will need them. Don’t waste your time looking for them
  4. Be persistent. Some boxes will seem to be impossible to get, but follow the methodology you have learned, and you’ll see the benefits.

C|PENT Program Experience

I love learning new things, and C|PENT was the best course for learning new concepts. It is remarkably close to real-life scenarios and helps you understand how real-world penetration tests should be conducted. You also learn how to write a penetration test report and can take notes during the exam to prepare the report, which is amazing.

The C|PENT course has taught me many new things, including practical aspects of penetration testing. In addition, it helps with networking: I now have a lot of connections with security professionals worldwide and am part of the elite global group of ethical hackers who have cleared the C|PENT exam

Contributor Bio

Amit Agarwal is a research-oriented technology specialist in the field of telecommunications. In addition to his recently completed C|PENT certification, he holds EC-Council’s Certified Ethical Hacker (C|EH), Computer Hacking Forensic Investigator (C|HFI), and C|EH (Master) certifications and ranked in the global top 10 on the C|EH (Practical). Read Amit’s blog at http://blog.amit-agarwal.co.in/, connect with him on LinkedIn, and find him on YouTube @raj77india and Twitter @raj77in.
Share this Article
You may also like
Recent Articles

Train with EC-Council