# Kali Linux Course #327: Using ligolo-ng for Penetration Testing

## Introduction

In this section, we will delve into **ligolo-ng**, a powerful tool designed for penetration testing, especially when it comes to establishing remote access across NAT (Network Address Translation) and firewalls. Ligolo-ng operates by creating secure tunnels, which is beneficial for pentesters looking to access internal networks securely. We will cover the installation and configuration process on Kali Linux, guide you through step-by-step usage, and explore real-world use cases. Additionally, we will provide the technical details that explain how ligolo-ng works and why it is a valuable tool for cybersecurity professionals.

## Installation and Configuration on Kali Linux

Before we can utilize ligolo-ng, we need to install it and configure it correctly on our Kali Linux machine. Follow these steps to get started:

### Step 1: Update your Kali Linux

First, ensure your system is up to date. Open a terminal and run the following commands:

```bash
sudo apt update && sudo apt upgrade -y
```

### Step 2: Install Dependencies

Ligolo-ng requires certain dependencies to function correctly. We can install these with:

```bash
sudo apt install git golang -y
```

### Step 3: Clone the ligolo-ng Repository

Now, let's clone the ligolo-ng repository from GitHub using the following command:

```bash
git clone https://github.com/EntySec/ligolo-ng.git
```

### Step 4: Build ligolo-ng

Navigate into the cloned directory and build the project:

### Step 5: Move the Binary

Once built, we will move the binary to make it easily executable from anywhere in the terminal:

```bash
sudo mv ligolo-ng /usr/local/bin/
```

### Step 6: Verify Installation

Finally, verify that ligolo-ng is installed correctly by checking the help command:
If you see the help information, the installation was successful!

## Configuration of ligolo-ng

Before using ligolo-ng, it is crucial to configure it correctly. Ligolo-ng operates in a client-server model. One instance will be your server, while the other will be your client.

### Server Configuration

To set up a server:

1. **Run the ligolo-ng server command:**

   ```bash
   ligolo-ng server -l :4444
   ```

   - `-l :4444` indicates that the server will listen on port 4444. You can choose another port if necessary, but make sure it is allowed through your firewall.

2. **Note your external IP address:**

   To find out your public IP address where the ligolo-ng server is running, use:

### Client Configuration

The client needs to connect to the ligolo-ng server. You can do this from any remote machine.

1. **Run the ligolo-ng client command:**

   ```bash
   ligolo-ng client -r :4444
   ```

   - Put the public IP address you retrieved earlier in front of `:4444`.

### Firewall Configuration (if applicable)

Make sure that your firewall or any network-based security solutions (like IDS/IPS) allow traffic through the chosen port. You can use `ufw` to allow traffic through port 4444:

## Step-by-Step Usage and Real-world Use Cases

### Step 1: Establish a Connection

1. **Run the server on the attacker machine:**
   ```bash
   ligolo-ng server -l :4444
   ```

   This command will set up a listening server.

2. **Connect from the client machine:**

   ```bash
   ligolo-ng client -r :4444
   ```

### Step 2: Verify the Tunnel

Once the connection is established, you can verify that a tunnel is created by checking the server terminal for incoming connections. At this point, any commands executed from the client will be tunneled through the server.

### Real-world Use Case: Remote Shell Access

Imagine you have compromised a machine inside a network protected by a firewall and NAT. Using ligolo-ng, you can create a tunnel to the attacker machine that allows you to execute commands as if you were on the internal network.

1. **On the attacker's machine, start the server:**

   ```bash
   ligolo-ng server -l :4444
   ```

2. **On the compromised machine (client), initiate the connection:**

   ```bash
   ligolo-ng client -r :4444
   ```

3. **Access internal resources:**

   With this tunnel, you can access services on the internal network by targeting their local IPs.

## Detailed Technical Explanation

Ligolo-ng operates by utilizing a reverse tunneling technique. Understanding this concept is key to leveraging its capabilities effectively. Here are the main components involved:

- **Reverse Tunnel:** Ligolo-ng establishes a reverse tunnel from the victim machine (client) to the attacker's machine (server). The victim initiates the connection to the server, allowing the attacker to interact with the local services on the victim machine.
- **NAT traversal:** Ligolo-ng is particularly useful for scenarios where the victim resides behind a NAT or a firewall. Since the connection to the server is initiated from the victim, it can bypass restrictions that would normally block incoming connections to the attacker's machine.

### External References

For more detailed reading on ligolo-ng and its underlying technologies, you can refer to the following resources:

- [ligolo-ng GitHub Repository](https://github.com/EntySec/ligolo-ng)
- [Understanding TCP/IP Networking](https://www.tcpipguide.com/free/t_tcpipoverview-2.htm)
- [NAT Traversal Techniques](https://tools.ietf.org/html/rfc4787)

### Code Examples

Here are some command snippets formatted for easy reference in WordPress:
```bash
# Update and Upgrade Kali
sudo apt update && sudo apt upgrade -y

# Install Git and Go
sudo apt install git golang -y

# Clone ligolo-ng repository
git clone https://github.com/EntySec/ligolo-ng.git

# Build ligolo-ng
cd ligolo-ng
go build

# Move binary to local bin
sudo mv ligolo-ng /usr/local/bin/

# Start ligolo-ng server
ligolo-ng server -l :4444

# Connect from client
ligolo-ng client -r :4444
```
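
The reverse tunnel described under "Detailed Technical Explanation" is an outbound connection opened by an internal host, so on the defended network it is visible in egress flow logs. The following Python example is added here (it is not from the original course or from the ligolo-ng project) and flags such sessions in constructed flow records; the CSV layout, the port allowlist and the duration threshold are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample flow records (not real traffic), one TCP connection per
# line, in an assumed CSV layout where src is the host that opened the session.
SAMPLE_FLOWS = """\
src,dst,dport,duration_s
10.0.5.23,192.0.2.10,443,4
10.0.5.23,198.51.100.7,4444,7260
10.0.8.11,10.0.1.5,4444,3900
10.0.9.40,203.0.113.9,8443,12
10.0.9.40,203.0.113.50,53,1
10.0.7.2,198.51.100.20,443,5400
"""

# Assumed site policy: RFC 1918 ranges are internal, these ports may leave.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_EGRESS_PORTS = {53, 80, 123, 443}
MIN_TUNNEL_SECONDS = 600  # assumed threshold for a long-lived session


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def suspicious_egress(flow_csv):
    """Return inside-to-outside flows that look like a standing tunnel."""
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if not is_internal(row["src"]) or is_internal(row["dst"]):
            continue  # only connections initiated from inside to outside
        reasons = []
        if int(row["dport"]) not in ALLOWED_EGRESS_PORTS:
            reasons.append("port not in egress allowlist")
        if int(row["duration_s"]) >= MIN_TUNNEL_SECONDS:
            reasons.append("long-lived session")
        if reasons:
            findings.append({"src": row["src"], "dst": row["dst"],
                             "dport": int(row["dport"]), "reasons": reasons})
    # Flows matching both heuristics come first for review.
    return sorted(findings, key=lambda f: -len(f["reasons"]))


if __name__ == "__main__":
    for finding in suspicious_egress(SAMPLE_FLOWS):
        print(finding)
```

Because the listening port can be changed, the duration check carries more weight than the port check: the last sample row is flagged even though it uses port 443.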
By following the outlined steps and understanding the core concepts of ligolo-ng, you have unlocked the potential of remote access penetration testing. This tool can significantly enhance your capabilities in testing network security, making it an essential part of your pentesting toolkit.

Made by pablo rotem / פבלו רותם