First, never rack your brain before the exam over the many write-ups people publish about it (this can be really stressful, because as humans everyone loves talking about himself, and especially acting like a superhero when he succeeds). Here is my advice for you:
If you’re not a professional, take the course and the labs with INE. It is better to start from zero with the eJPT and get certified.
Also, if you are not in a hurry, try to complete the whole “offensive learning path” on TryHackMe.
Prepare for the battle with some chocolate and snacks; act like you are at war for a few days.
Prepare your cheat sheet; you can use mine: Pentest-CheatSheet.xlsx
The first target you should exploit will be mentioned in the engagement letter. Do not overthink the exploit, and if you don’t get a meterpreter session, try to reset the lab and re-initialize your MSF DB, or use MSF5 (for my part, I used MSF5).
meterpreter is the solution for pivoting (other pivoting techniques like chisel etc. will be a waste of time): double-pivoting
Be careful: MSF6 no longer supports socks4a; it supports “socks_proxy” as exploit.
Do good enumeration on every target, because each one will hold the key to the others; proxychains is important.
Make your life easy in exploitation: sometimes a similar technique can be used to exploit other elements.
Do not take the exam without doing some buffer overflow practice; pay attention to these two: brainstorm, offensive-penetration-testing « Module 6 »
This is a beautiful write-up about buffer overflow: Gatekeeper
Reset is not the key for buffer overflow (be smart: what can a reset do if your target is already up?!); just try different ports on your listener side and try to synthesize your exploit code.
For the last target, don’t think too much about the escalation; the solution will show up the first moment you get access to the machine (just think about it).
Reporting is very important. I based my own report on these: reporting_guide, randorisec, TCM-Security
Very important: the exam is not only about exploiting/escalating targets (or catching the flag); take care to use Windows/Linux enumeration techniques, or maybe some automated tools, to get all the possible vulnerabilities from the targets.
One last thing: eLearnSecurity is also available on Discord; install the application and have fun chatting with the whole community of hackers and students who will be there (eLearnSecurity).