Ligolo-ng

Ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface (without the need of SOCKS).

Source: https://github.com/nicocha30/ligolo-ng

Set up the network

$ sudo ip tuntap add user [your_username] mode tun ligolo 
$ sudo ip link set ligolo up

set this on Kali/C2 Server

Pivoting

My environment:

• Kali = C2 Server

• Debian = target

• Windows = Agent

• Kali (c2) doesn't communicate with the Target

• So, we'll create the tunneling and after that we can access the target via Kali directly without the use of Proxychains

Diagram of my Network

Open the Server

Connect the Agent to the Server

• Here we can access the Session + number

• Type help to view all commands

• We can add a Listener to grab to Move Laterally

• But in this case, we just wanna look at the network with ifconfig

ifconfig in the session

• We've "found" a new network

• We can add it in the Kali/C2

Vmware interface

Add the route

• In my target machine, I opened a web server in the 3rd machine (Isolated) just for demonstration

Web server in the 3rd machine (Isolated)

Start the tunneling on the Session of the Kali/C2

• Now we can access the Target machine directly

Nmap the Target

Curl the webserver