Network Pivoting with Ligolo-NG
- Added 22. 05. 2023
- In this video I show how you can use Ligolo-NG to set up simple network pivots for use in your OSCP prep and use Ligolo's handy listener functionality to transfer files and receive reverse shell connections from machines on internal networks!
I exclusively used Ligolo in my OSCP prep and felt that many folks could benefit from seeing a simple walk-through on how to use this tool. Let me know what you think and let me know what other types of content you'd like to see!
Timestamps:
Lab Overview: 00:43
Setting up Ligolo: 1:30
Setting Up Network Pivot: 6:13
Using Listeners to Receive Reverse Shells: 9:30
Using Listeners to Transfer Files: 14:00
Here are some awesome resources if you are looking to read more about Ligolo usage:
github.com/nicocha30/ligolo-ng - Ligolo-NG GitHub
4pfsec.com/ligolo
Forgive the background noise... apparently it was recess time at the elementary school across the street. - Science and Technology
do we need public ip to connect back from agent?
My dude after struggling with all types of pivoting you made this stupid easy for me to follow and understand. You sir are a hero.
Thank you - glad to have helped!
I do want to thank you for the way you explain the listeners, It would be nice if you could show how to pivot a second subnet!
This tool is unbelievable. It is over 100 times faster than using proxychains through a chisel tunnel. The fact that you can visualise all your connections and add listeners is a complete game changer. Incredible.
Your video was very helpful and broke down the logic clearly. Thank you.
As someone who's going to attempt the exam within 24 hours, this is a godsend man! Going to make thorough notes to use this all i can tomorrow. Thanks for the video!!
Good Luck!!
@Gonski-Cyber thanks very much!! ❤️
Best of luck to you!!!! Taking mine in 2 weeks.
how is ur exam bro?
How was it?
Just got to the Port tunneling portion of the OSCP. Going to add this to my toolkit
Great overview of ligolo's abilities. Thanks!
Mega video , very well taught and thought out
Thank you for putting this video together.
You are very good at explaining things. If you can keep posting. You could make a series of videos describing most popular tools for pentesting.
Appreciate it! I do need to make some more videos xD
You’re a 🐐, I was struggling for hours trying to get a shell back 😅
Great video. Very helpful. Thanks!
Insane man Love you for demonstrating in detail !!
You have a great calm, precise well explaining voice to listen to.
I love your great content and demonstration. Look forward to see another video. Peace.
What an awesome instructional video man, covered every base and question I could have had. Subscribed dude!
Thank you very much for this video! I’m in the labs right now!
Great Video thanks! Using this in the OSCP labs rn!
Dude, your video is really crystal clear ! Thanks a bunch for sharing !
Excellent content. You are a natural. Keep making content.
Thank you very much for sharing the usage of this tool, which easily helped me solve the challenge regarding Pivoting !
first video but most informative video learned something new
Thank you for the video! Some friends and I are studying for the OSCP now, and watched it together on Twitch and Discord! :)
You know, what OSCP students need. Exact points. Good job. Thank you!!!
Great tutorial, very clear explanation. I hope you get time to make more videos
Amazing video, thank you!
Very understandable explanation, which I could easily follow and implement in the OSCP Lab. Thank you very much! :)
KOBE. This video resolved all my concerns. Taking exam Tuesday
Great explanation! I encourage you to do more videos, as you have a talent for it 🙂
You are the goat. What an explanation and how easy you made us to understand how to work with ligolo. Great Job!
That's very handy! And seems faster than socks5 proxy chains. Awesome video!
Awesome video, love the easy step-by-step walkthrough. Worked perfectly!! It's good that you also explain why you do certain steps, makes it comprehensible
Dude you are a savior.
This is a godsend! I’m literally doing the oscp labs and this comes in at a super handy time.
Thank you so much!
Did it work for you?
Pretty good video. Thanks for that.
mate i would like to thank you for this - sooooo appreciatedddddddd - saved my life
This vid was brilliant. Currently doing Wreath on THM to practice pivoting with sshuttle, proxychains etc. Definitely adding Ligolo to my toolkit! Very well explained I have a much better understanding now. Thank you!
Brilliant! Thank you!!!
Excellent video
Very insightful
Awesome video Gonskkkk!
Thank you!!! very straight and to the point and easy to follow along with. Dude I was using chisel for a while from the OSCP material but ligolo is SOOOOO much better. I like the c2 feel of it as well.
Amazing video!
excellent video boss, this is much more preferable than prepending every command with proxychains xD, thanks!
Sick! That completely removes the need to arse about with four or five tools to connect back. I remember Wreath on THM was a complete ball ache because of multiple pivoting tools
Yes exactly! I do recommend completing the Wreath room on THM to anyone prepping for OSCP just to get that basic intro but Ligolo is definitely an upgrade!
Good video bro, keep doing it ,)
exactly what I needed :D
Great video!
Legendary!
Thanks. Want to give it a whirl myself now.
good shit homie
Amazing. Thank you. (:
My saviour !!
You da man homie!!!!
Good man
thank you so much, it saves my day, it is way better than chisel
Fantastic instructions.. this definitely is gonna save my bacon. Please make more videos lol :)
I do need to make some more videos! Anything in particular you'd like to see?
Amazing make more OSC videos!! Like exploiting AD or SMB or VNC or OSCP related!!🤠
Yo! Nice sh^7!
Awesome video. You've got a really clear and logical way of presenting the topic. 🤯
Question: what about cleanup? I imagine working through lots of exercises or the test could create a heap of routes. Is there a cleanup process? or is it just manual deletion of the routes?
Great question - to be honest I think for the scope of the OSCP exam or any online labs you would use this tool in, I believe just closing and killing the sessions is all you'd need. However I think it's important to note that if you are performing a pentest on a remote device and are adding routes to the device's routing table - you'd want to be sure you are clear on what routes you've added and make sure you do clean those routes off the testing device before plugging it into another network, if that makes sense.
please upload again!
Again, thank you so much for this. Can your next video please be how to jump from ms02 to DC01? Thanks a lot
From the perspective I showed in this video, there shouldn’t be a need to go thru ms02 to hit DC01. Only reason why I didn’t show the jump to dc01 in this video is because my DC VM went to sleep during the recording. But once you have the pivot setup you’ll be able to scan and interact with DC01
@Gonski-Cyber oh I see, yeah I was trying to picture myself doing the same but from ms02 to dc01. But couldn't find a way without getting lost on it. Anyways, thank you so much for this. Do you know any machine I can practice this on? I Subscribe, keep coming the good work
TryhackMe's Wreath room would be good practice with pivoting. Additionally HTB's Zephyr pro lab is perfect practice for ligolo @MygenteTV
Hey there. Great video! I do have a question that I have experience getting into network and setting up pivots- and transferring files into the network. What are you using to transfer file out of the network- like the output of a winPEAS scan for example?
How do you add the same pivot in client02 to access DC?
Xoxoxo
Great video, very well explained! Has anyone been able to run the proxy using mac os? How do you create the mode tun interface on mac os?
Great vid, thanks very much! I'm in the process of doing OSCP challenge labs. As a longtime Windows admin I've been defaulting to netsh port proxy'ing wherever possible. Got up to speed with SSH tunneling and I have to say found chisel to be pretty flaky. Looking forward to spinning Ligolo up this evening. It seems as user friendly as Meterpreter for the pivot functionality, I assume OffSec don't put any restrictions on using this in the exam?
Not that I am aware of, you should be able to use ligolo free of worry on the exam - best of luck!
Great video!!
How can we use this to run responder?
Say on the internal network where we can't reach our kali attacker machine.
we run responder on our attacker machine and trying to get traffic from the internal network?
I tried to set up a listener on the pivot machine to send back to our attacking machine but im not getting any hashes with responder.
I am able to get meterpreter shells from internal network going through the pivot host to our attacking machine with the listeners and transfer files.
Getting this responder traffic is a bit more difficult.
Good question - off the top of my head I am not sure how well responder will work thru a ligolo tunnel. Something worth trying and might make a good little test for ya!
Hey @Gonski-Cyber Great Video !! Love It
thm wreath network, thm holo network, htb pro labs(Dante, Offshore) :)
I was able to get a reverse shell and transferring files to the victim machine working perfectly as shown in the video. But does anyone know how to set it up for transferring files from the windows victim machine back to kali for data exfiltration?????
@Gonski Cyber
@spoon2k did you find a solution ?
how I can use ligolo-ng with bettercap
and what about client02 to access DC
any idea why this is happening on double pivot? error: a tunnel is already using this interface name. Please use a different name using the --tun option
wow. would you please share your .zshrc file? I really like the colours
Up
how can we transfer files from windows machine to kali linux?
To transfer files you may need to set up a specific listener like I specify near the end of the video! Similarly to how you need to point a reverse shell at the IP:port of the listener, you will need to do the same for transferring files and then when you want to retrieve the file on the other end instead of curling or wget'ing your Kali IP you would curl/wget the IP:port of your listener!
who already setup ligolo when already have a tun interface up like connection to THM
Each time I try to do it It doesn't work
Brooooo im an idiot. Not downloading this tool correctly cost me the oscp. I had this same set up, i was in the box and became administrator. But couldn't find a way to move laterally. I did an error of downloading two proxys and not proxy and agent🤦🏻♂️
how can u make file permissions colorful like that ?
The tool I used is called Exa! Simply add an alias in your ~/.zshrc for exa when you run ls -l
@Gonski-Cyber thx bro
Hey mate what terminal emulator is this?
just the standard terminal interface that comes installed on Kali Linux!
Meh