Ligolo-ng is a powerful tunneling tool designed for flexible communication with internal networks through a secure channel. Using TLS and SOCKS5-based transport, it allows you to quickly organize remote access without the need to configure a proxy on the target machine. It is suitable for bypassing filtering and building complex C2 infrastructure. In this post we will discuss the features, use cases and configuration specifics of Ligolo-ng during red teaming operations.
Ligolo-ng is an advanced yet straightforward tunneling and pivoting tool designed for red teamers and penetration testers. It establishes tunnels from a reverse TCP/TLS connection using a TUN interface, eliminating the need for SOCKS proxies or proxychains. By creating a userland network stack with gVisor, Ligolo-ng allows seamless interaction with internal networks, facilitating tasks like port scanning and lateral movement without requiring administrative privileges on the agent side.
Features
TUN Interface Support: Operates without the need for SOCKS proxies or proxychains.
User-Friendly Interface: Provides a simple UI with agent selection and network information.
Cross-Platform Compatibility: Supports multiple platforms for the agent.
High Performance: Utilizes multiplexing for efficient data handling.
Automatic Certificate Configuration: Integrates with Let's Encrypt for TLS certificates.
No Elevated Privileges Required on Agent: Operates without administrative access on the agent side.
Socket Listening/Binding: Allows socket operations on the agent.
Multiple Tunnel Handling: Can manage multiple tunnels simultaneously.
Automatic Tunnel Recovery: Recovers tunnels/listeners in case of network issues.
WebSocket Support: Enhances communication capabilities.
Web Interface and API: Offers a web interface and API for multiplayer support.
Daemon Mode: Runs Ligolo-ng as a service.
Auto-Bind Feature: Automatically configures tunneling when a specific agent connects.
Automatic Route and Interface Management: Supports autoroute on Windows, Linux, macOS, and BSD.
Agent Termination: Allows remote termination of agents.
Installation Guide
1. Download Precompiled Binaries
Precompiled binaries (Windows/Linux/macOS/BSD) are available on the Release page.
Ligolo-ng is now included by default in Kali Linux. You can install it using:
apt install ligolo-ng
2. Set Up the Proxy Server (Attacker Machine)
Create a TUN Interface:
sudo ip tuntap add user $(whoami) mode tun ligolo
sudo ip link set ligolo up
Start the Proxy Server:
./proxy -selfcert
Note: The -selfcert flag generates a self-signed certificate. For production environments, consider using Let's Encrypt certificates with the -autocert option.
3. Deploy the Agent (Target Machine)
Transfer the Agent Binary:
Use a method like wget or scp to transfer the agent binary to the target machine.
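From the defender's side, the reverse TLS connection and the self-signed certificate produced by -selfcert leave a recognizable trace in TLS session logs: a long-lived outbound session to a server whose certificate names itself as issuer. The following Python example is added here and is not part of the original post or of the Ligolo-ng project; the log schema, addresses, port, internal ranges and duration threshold are constructed assumptions.

```python
import ipaddress
import json

# Assumption: the monitored organisation uses the RFC 1918 ranges internally.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: a multiplexed tunnel stays up far longer than a normal HTTPS session.
MIN_DURATION_S = 600

# Constructed sample records. The field names are a hypothetical flattened
# schema, not the output format of any particular sensor.
SAMPLE_LOG = """\
{"src":"10.1.4.23","dst":"203.0.113.10","dport":8443,"subject":"CN=example.invalid","issuer":"CN=example.invalid","duration_s":5400}
{"src":"10.1.4.30","dst":"198.51.100.7","dport":443,"subject":"CN=www.example.com","issuer":"CN=Example Issuing CA","duration_s":7200}
{"src":"10.1.4.31","dst":"203.0.113.44","dport":443,"subject":"CN=test.invalid","issuer":"CN=test.invalid","duration_s":12}
{"src":"10.1.4.40","dst":"10.1.9.5","dport":8443,"subject":"CN=printer.corp","issuer":"CN=printer.corp","duration_s":9000}
"""

def is_internal(addr):
    """True if addr falls inside one of the configured internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def suspicious_sessions(log_text, min_duration=MIN_DURATION_S):
    """Return (src, dst, dport) for long-lived outbound TLS sessions whose
    server certificate is self-signed."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        # Reverse tunnel: the internal host dials out to an external listener.
        outbound = is_internal(rec["src"]) and not is_internal(rec["dst"])
        # Heuristic: a leaf certificate whose issuer equals its subject.
        self_signed = rec["subject"] == rec["issuer"]
        if outbound and self_signed and rec["duration_s"] >= min_duration:
            hits.append((rec["src"], rec["dst"], rec["dport"]))
    return hits

if __name__ == "__main__":
    for src, dst, dport in suspicious_sessions(SAMPLE_LOG):
        print(f"review: {src} -> {dst}:{dport} (self-signed, long-lived)")
```

A proxy started with -autocert presents a CA-issued certificate and will not match the self-signed check, so session duration and destination reputation need to be evaluated separately in that case.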