search

Ligolo-ng (Double Pivot)

With Ligolo it is also possible to setup a double (or triple or more) pivot. See the following example

hashtag
Example

In this scenario we have initial access on Machine A.

We setup our initial pivot:

On Kali
sudo ip tuntap add user kali mode tun ligolo
sudo ip link set ligolo up
./proxy -selfcert -laddr 0.0.0.0:53

We setup our IP routes:

On Kali
sudo ip route add 192.168.110.0/24 dev ligolo
sudo ip route add 192.168.210.0/24 dev ligolo

We start our initial pivot:

On Kali (in Ligolo)
session
start

We connect Machine A to our Ligolo instance (transfer agent.exe to host), our Kali IP is 10.10.14.15:

On Machine A
./agent -connect 10.10.14.15:53 -ignore-cert

We start a listener on Machine A:

On Kali (in Ligolo)
listener_add --addr 0.0.0.0:9000 --to 0.0.0.0:80 --tcp

We connect Machine B to our Ligolo instance (through the listener on Machine A):

We create another tunnel interface (ligolo2), we route the internal IP range through this, we remove this internal IP range from our first tunnel interface:

We now swap to our new agent (note we pass our new tunnel interface):

This should look as follows in Ligolo:

When we access any 192.168.210.0/24 host we will access it through our pivot on Machine B.

circle-info

Note that you can also triple (or more) pivot with this method

Last updated