ligolo-ng icon indicating copy to clipboard operation
ligolo-ng copied to clipboard

Published 20 hours ago verified publisher icon nicocha30

Local port redirect

Open SecT0uch opened this issue 2 years ago • 1 comments

What is there a way to expose expose ports listening on localhost ?

I have a Linux proxy and a Windows agent that can communicate through an OpenVPN tunnel (both in 10.10). On the agent 127.0.0.1:3306 is listening.

I run in the proxy: listener_add --addr 0.0.0.0:1234 --to 127.0.0.1:3306 --tcp

I can't add the route to the Windows host as it disconnects the agent.

I added a forged route: ip route a 42.42.42.42 dev ligolo and it seems the packets a forwarded to the agent but no response in return.

SecT0uch avatar Apr 25 '22 21:04 SecT0uch

This is a good question.

This could be possible by using an iptables rule... I will add this feature in the future.

nicocha30 avatar Apr 26 '22 13:04 nicocha30

+1 bump on this. Would make a great addition especially for OSCP takers looking for a better alternative to chisel B)

jesuspabloalfaro avatar Oct 23 '23 09:10 jesuspabloalfaro

I was having this exact problem trying to do an iptables black magic fuckery, pls save my sanity.

Thy-GoD avatar Nov 03 '23 15:11 Thy-GoD

@SecT0uch @jesuspabloalfaro @Thy-GoD Implemented in latest Ligolo-ng (v0.5.1) release. https://github.com/nicocha30/ligolo-ng?tab=readme-ov-file#access-to-agents-local-ports-127001

nicocha30 avatar Dec 30 '23 21:12 nicocha30

you are the best! side note, i passed OSCP thanks to ligolo <3

jesuspabloalfaro avatar Dec 30 '23 22:12 jesuspabloalfaro

@SecT0uch @jesuspabloalfaro @Thy-GoD Implemented in latest Ligolo-ng (v0.5.1) release. https://github.com/nicocha30/ligolo-ng?tab=readme-ov-file#access-to-agents-local-ports-127001

How does it behave in case of multiple connected agents?

StayPirate avatar Feb 12 '24 13:02 StayPirate

How does it behave in case of multiple connected agents?

Unfortunately I didn't have the occasion to use it yet. :/

SecT0uch avatar Feb 12 '24 14:02 SecT0uch

I connected two agents to the proxy, routed 240.0.0.1 to the ligolo tun interface. When I try to reach that IP from my machine (where the proxy runs) the traffic is forwarded to the first connected agent (session 1). I then switched to session 2 on the proxy TUI, with the command session selecting the second session, then i tried to reach out 240.0.0.1 again, but still the first agent replied.

@nicocha30 how should we use this feature to forward local ports from a different agent?

StayPirate avatar Feb 13 '24 13:02 StayPirate

@StayPirate switching to another session will not change the current "routing". You need to start a relay on the other agent (and specify another interface using start --tun ligolo2), then change your system routing table to forward packets to 240.0.0.1 via ligolo2.

nicocha30 avatar Feb 13 '24 14:02 nicocha30