the link for the pivot machine asks for login creds i tried setting up an account but didnt found nowhere a account creation login for snaplabs couldu pls help
Just did this pivoting and hacked my local police department and they loved it! They even offered me a free room with free toilet and nice orange clothes! Life is good!
@ it was so good. I really took me the 10 days for the exam. I used every single minute I could until like 15 left. Submitted the report and found out I passed on the first try. It was a lot 😅😅
@@Michael_Jackson187 Oh yeah, just not any auto exploit tools. So avoid metasploit framework auto-exploits, sqlmap, but you can still use msfvenom (I faded it for a while and have had a few boxes where I couldn't get any of my reverse shells to work without it
This is so cool! It would be very interesting to do a forensic exam on the pivot machine to see what signs are left behind by Ligolo activity. Great video!
Please pontificate on this subject with some particulars. I am almost finished with my digital forensics cert, and I want to understand all of the practical scenarios I can. TY
Hey look, if someone sets up a server with two interfaces, one with a public IP and one with a private IP on a production internal LAN, AND they kindly let me install my hacking tool (or maybe just happen to have an unpatched vulnerability), AND they don’t use any firewall rules to limit access either on the public or private interfaces, AND they don’t use any endpoint protection tools, AND they don’t use any traffic inspections tools, it’s SO easy to hack them! /s Yeah this isn’t remotely how a DMZ is set up. For sure there are sloppy admins who have servers bridging public and private networks like this, but that’s not called a DMZ, that’s called an invitation to the Target and Equifax awards and breaching them would likely be far easier than using a fancy pivot tool like this. They probably have 3389 wide open so you can RDP right onto their server with a guest account like it’s 1999. New video title: Compromising networks with no security.
Can you make a video on protecting against this or simply show how to setup a detector for it? That would be sick. I had to subscribe after watching this demo, very well done!
A really good starting point is: if a machine is in the DMZ you should not add another Network to it (Hosts network in this case). It should not have multiple interfaces attached to other Networks than the DMZ. If the machine has multiple networks attaches no firewall can stop traffic
@@pimpnosimpg5416 Certainly! When setting up a DMZ, the goal is to isolate publicly accessible servers from the internal network to enhance security. Typically, servers in a DMZ have interfaces connected to both the external (untrusted) network and the internal (trusted) network. This setup allows external users to access services like web servers or email servers while keeping them separated from sensitive internal resources. However, if servers in a DMZ have interfaces connected to completely different networks, it could indicate a misunderstanding of how to properly configure a DMZ. The purpose of a DMZ is to create a buffer zone between the internet and the internal network, ensuring that any security breaches or attacks targeting public-facing services are contained and don't compromise internal systems. Placing servers with interfaces in different networks within a DMZ could create confusion and potentially undermine the intended security benefits of the DMZ architecture.
So how do you access servers in the DMZ from an internal network?
5 місяців тому+1
@flrn84791 You can't that's the purpose of a DMZ, it should not be accessed from the internal network, unless if you have access to the firewall box that manages the DMZ network.
Very cool and thanks for the video! Feedback: The multiple camera views of the video I am not the biggest fan of at this time. I feel more connected to the content when its the straight on camera angle where you are engaged with the viewers, when it switches seeing you looking in a different direction makes it feel disconnected from the content. If you plan on keeping the multiple angles personally I would like to see you engage the camera that is active. Appreciate all the new content you are producing! That is my .02.
@@rationalbushcraft if you set up your DMZ properly, you are correct, you would seriously limit and restrict access, most likely using an Internal firewall, so that your DMZ can only access the devices and servers it requires access to internally to function and also restrict any outbound traffic to the outside that isnt required. this does not completely remove the risk, it just reduces the scope of the attack and means the attacker may have to "pivot" a few times. Granted they can get the tunnel connected in the first instance.
@@factorialandha5929 I think the issue is that John is selling this as a way to move laterally without explaining further on how DMZs normally work. He says the devices in the DMZ can access the internal network when that's mostly untrue. DMZs are designed to have limited access to the internal network. This might confuse the many newbies watching his channel into thinking that all DMZs have unrestricted internal network access.
@@factorialandha5929how would I be able to regain access to my wifi security and remove multiple administrators off of my laptop? I've been struggling for four years with all of this, alongside of watching multiple videos on what's up with my sh*t(in my limited free time, I have kiddos) & all I've gotten through it all is headaches, very limited help, & laughed at on countless occasions...I have been reaching out everywhere & end up not getting responses or getting responses & then they disappear...it's definitely someone screwing with my network. I see some of the ports or channels are running interface & actually neighboring networks are as well... I tried the app the one popular app... I see multiple devices upon my Bluetooth same name under & identifying as whole other devices under a different color & or icon. I also have multiples of my one device showing in Google home(I've NEVER used Google home, ever) my kids baby monitor is pairing with random objects too. I live alone with my two little girls & am over all of this! I have little $ & what I've saved, I've put out to hire someone other than my service provider... They just mock me & change all of my info... Wifi name, password, & also made me a whole email address that I've never ever used. Sorry so long, but that's some of my sh*t. Any help would be greatly appreciated! Hope you had a beautiful 4th & hope you are well. I read your comment & you seem knowledgeable so I decided to take a shot & throw this out there. Thinking maybe, someone will reach out. You never know, if ya don't try, right?!?!? If I don't answer you, it's because my comments go missing. Alongside of everything tech wise in my life. It's been 4 years & I'd just like a little peace with it all. Ty for listening... 🫀
Hey quentin, it has been a while since somebody used verbiage that I had to look up on You Tube. Well said, beautiful nomenclature sir. This will be something I will use. Well spoken, if you don't mind, drop some more knowledge. I am thirsty for smart human interaction.
Bye bye Proxychains. Gonna use that fro my PNPT exam in 2 weeks. Quick test in my home lab worked flawlessly with your tutorial (well - the agent does get picked up by Defender, but for the purpose of exam-prep I deactivated it in my lab)
I tried using the autocert but it seems to have an issue. "yamux: Failed to write header: acme/autocert: missing server name ERRO[0151] could not register agent, error: session shutdown". For the purposes of taking exams and stuff though, this is super awesome, don't need real certs.
Hey john, you are one of the best and i have been learning from you from the last three years.. but hey did anyone tell you you look alot like that footballer Kevin De Bruyne
00:24 I can see your eyes reading off of a script!! CHEATER!! I thought you were a knowledge BEAST that knew all this from the top of his head when explaining it!!! How dare you prepare such a well prepared video with high production quality!!
Isn’t the certificate generated on the proxy side ie your kali box that does have internet? And then the TLS certificate can be verified offline by the agent
Aarch64 if you compile all Kali apps directly in MacOS or Fedora Asahi Linux. Off course Kali is easier, because of all the built in tools, but it’s way faster when you compile it natively.
9:00 John, what did you mean that selfsigned certificates are vulnerable for man in the middle attacks? I ofcourse might be wrong, but the encryption doesn't change (aslong as you do it correctly) only that there is no CA. And pretty much only case where this would be an issue would be in a externally communicating website, but for internal traffic, i dont see the issue with running selfsigned?
Because MiTM uses self signed cert as well, so if you tell ligolo to accept self-signed cert, there's no way to know if it is the self signed from from the ligolo device, or someone doing MiTM.
If you use a self signed cert AND verify its fingerprint, it’s actually safer than trusting a thirdparty. It’s just less convenient (ligolo could make it more convenient by pasting the fingerprint to accept) so this step is often skipped. However, do you fear you get hacked as a hacker? ,)
Cool Video 📼 How I wish these tools were not honeypots developed by Blue Team or the Government 😅 😡🙂😄 Just stick with the tradition 🤗 you what I mean. Cool video Thanks 🎉
You should really look into investing into a teleprompter so that you don't have to keep looking off the camera, in order to keep the audience engaged. Good work!
I'm still slightly annoyed that we have to type the tun add and route add commands manually. If ligolo ran as root, which I know it doesn't need to for the proxying, we wouldn't need to type in 3 commands each time and it would be truly automatized
As some constructive criticism for making your videos better, you should consider moving the monitor you're reading from closer to your camera. Probably underneath or above it. As it is now, your eyes are continually darting from the webcam to the screen. You're going back and forth and you lose that seemless effect of talking to the viewer while you're reading. Instead, it looks more like you're distracted and you keep looking at something "over there" while trying to address your viewers.
Yeay! Great Ligolo !!! oh wait most computers in a network don't have two NICs unless is a server and servers don't get malware from users clicking an email. So this means that Ligolo CAN"T move laterally. Damn too bad. Too much fanfare for things that almost never happen. Please tell me that I'm wrong!
I need to chat with you. I am in a position I am not sure what to do with. Its all new world to me, but I ended up at the end of it with a mountain of intel and I think I can connect quite a few dots
Wow this is awesome!! I will try to make it work on the pivoting labs of HTB. Hope this makes it easier. A video like this pivoting and double pivoting on windows environments will be really cool
Thanks john, I have downloaded adn installed it but you are realy fast explaining. Dont get all how to do properly. May be this video is for intro but if you have time please show us the complete tutorial like attacker machine ---> compromised machine --> then from pivoting how to do just for beginners. I am newbie. Many thanks in advance. Love your previous contents.
such a vibe so anyways if you want more security stuff check out jh.live/training and join up at jh.live/newsletter 👀
the link for the pivot machine asks for login creds i tried setting up an account but didnt found nowhere a account creation login for snaplabs couldu pls help
Just did this pivoting and hacked my local police department and they loved it! They even offered me a free room with free toilet and nice orange clothes! Life is good!
😂
Lmao good one!
Master life hack 🙌🏼
hahah😂😂
😂😂😂
im so glad i learned how to use ligolo before doing the CPTS exam. passed on the exam in august on the first attempt
Hey.. I am also preparing for CPTS.. can you tell me how was the exam
@ it was so good. I really took me the 10 days for the exam. I used every single minute I could until like 15 left. Submitted the report and found out I passed on the first try. It was a lot 😅😅
Ligolo is killer for the OSCP Active Directory set. 🎉
They let you use tools on the Oscp?
@@Michael_Jackson187 Oh yeah, just not any auto exploit tools. So avoid metasploit framework auto-exploits, sqlmap, but you can still use msfvenom (I faded it for a while and have had a few boxes where I couldn't get any of my reverse shells to work without it
@@Michael_Jackson187Check rules of engagement, some tools amd techmiques are not allowed, like Metasploit attack modules
@@Michael_Jackson187no you have to do the entire OSCP in assembly.
This is so cool! It would be very interesting to do a forensic exam on the pivot machine to see what signs are left behind by Ligolo activity. Great video!
Please pontificate on this subject with some particulars. I am almost finished with my digital forensics cert, and I want to understand all of the practical scenarios I can. TY
I love how you've grown into cybersecurity. I'm very rusty and think your videos are helping eliminate that rust.
In my experience, servers in a DMZ don't have a second interface on an internal subnet- that defeats the purpose of the DMZ.
Even then, there's usually a jump box or a way to access them or their network from an internal network
the RED side of my brain loves ya.
the BLUE side of my brain has constant headaches!
I wonder how anyone can provide such exciting content.
There are no two like you sir
Hey look, if someone sets up a server with two interfaces, one with a public IP and one with a private IP on a production internal LAN, AND they kindly let me install my hacking tool (or maybe just happen to have an unpatched vulnerability), AND they don’t use any firewall rules to limit access either on the public or private interfaces, AND they don’t use any endpoint protection tools, AND they don’t use any traffic inspections tools, it’s SO easy to hack them! /s
Yeah this isn’t remotely how a DMZ is set up. For sure there are sloppy admins who have servers bridging public and private networks like this, but that’s not called a DMZ, that’s called an invitation to the Target and Equifax awards and breaching them would likely be far easier than using a fancy pivot tool like this. They probably have 3389 wide open so you can RDP right onto their server with a guest account like it’s 1999.
New video title: Compromising networks with no security.
"I don't often easily pivot to internal networks from the DMZ but when I DO, I *always* fire off nmap scans of the entire /24!"
easy to understand, thanks John. Nifty piece of software
All of that is automated with the havoc-ligolo module as well! Cool video ^^
Thanks, didn't know that was a module
Can you make a video on protecting against this or simply show how to setup a detector for it? That would be sick. I had to subscribe after watching this demo, very well done!
A really good starting point is: if a machine is in the DMZ you should not add another Network to it (Hosts network in this case).
It should not have multiple interfaces attached to other Networks than the DMZ. If the machine has multiple networks attaches no firewall can stop traffic
I just learnt about this tool a few weeks back for my OSCP prep. looking forward to using it in my exam soon
Anybody putting servers in a DMZ with interfaces that reside in completely different networks probably needs a recap on exactly what a DMZ is for.
Can u explain pls?
Right! Thank you! I know he has more experience than me, but I was like no bueno hombre.
@@pimpnosimpg5416
Certainly! When setting up a DMZ, the goal is to isolate publicly accessible servers from the internal network to enhance security. Typically, servers in a DMZ have interfaces connected to both the external (untrusted) network and the internal (trusted) network. This setup allows external users to access services like web servers or email servers while keeping them separated from sensitive internal resources.
However, if servers in a DMZ have interfaces connected to completely different networks, it could indicate a misunderstanding of how to properly configure a DMZ. The purpose of a DMZ is to create a buffer zone between the internet and the internal network, ensuring that any security breaches or attacks targeting public-facing services are contained and don't compromise internal systems. Placing servers with interfaces in different networks within a DMZ could create confusion and potentially undermine the intended security benefits of the DMZ architecture.
So how do you access servers in the DMZ from an internal network?
@flrn84791
You can't that's the purpose of a DMZ, it should not be accessed from the internal network, unless if you have access to the firewall box that manages the DMZ network.
These always start with, "let's assume we already obtained access to this host". That's the hard part. Everything else is easy.
Jesus John your content has improved soo much!!!
We love you man :D
Thank you! It's a team effort. :)
Very cool and thanks for the video!
Feedback: The multiple camera views of the video I am not the biggest fan of at this time. I feel more connected to the content when its the straight on camera angle where you are engaged with the viewers, when it switches seeing you looking in a different direction makes it feel disconnected from the content. If you plan on keeping the multiple angles personally I would like to see you engage the camera that is active. Appreciate all the new content you are producing! That is my .02.
this is super clean content now i love it. Love the examples shown
John's background looks dope !! wow
I'm really glad that you broke down the meaning of cross-platform, I never would have guessed. 😂
I would think most DMZs would block unnecessary ports to the inside. Am I missing something here?
Its actually an outgoing connection from the dmz. It doesnt need an open port from the outside.
@@Youtupe69 I get that but doesn’t it need ports between the Private and DMZ? At least whatever port it is using for the proxy connection.
@@rationalbushcraft if you set up your DMZ properly, you are correct, you would seriously limit and restrict access, most likely using an Internal firewall, so that your DMZ can only access the devices and servers it requires access to internally to function and also restrict any outbound traffic to the outside that isnt required.
this does not completely remove the risk, it just reduces the scope of the attack and means the attacker may have to "pivot" a few times. Granted they can get the tunnel connected in the first instance.
@@factorialandha5929 I think the issue is that John is selling this as a way to move laterally without explaining further on how DMZs normally work. He says the devices in the DMZ can access the internal network when that's mostly untrue. DMZs are designed to have limited access to the internal network. This might confuse the many newbies watching his channel into thinking that all DMZs have unrestricted internal network access.
@@factorialandha5929how would I be able to regain access to my wifi security and remove multiple administrators off of my laptop? I've been struggling for four years with all of this, alongside of watching multiple videos on what's up with my sh*t(in my limited free time, I have kiddos) & all I've gotten through it all is headaches, very limited help, & laughed at on countless occasions...I have been reaching out everywhere & end up not getting responses or getting responses & then they disappear...it's definitely someone screwing with my network. I see some of the ports or channels are running interface & actually neighboring networks are as well... I tried the app the one popular app... I see multiple devices upon my Bluetooth same name under & identifying as whole other devices under a different color & or icon. I also have multiples of my one device showing in Google home(I've NEVER used Google home, ever) my kids baby monitor is pairing with random objects too. I live alone with my two little girls & am over all of this! I have little $ & what I've saved, I've put out to hire someone other than my service provider... They just mock me & change all of my info... Wifi name, password, & also made me a whole email address that I've never ever used. Sorry so long, but that's some of my sh*t. Any help would be greatly appreciated! Hope you had a beautiful 4th & hope you are well. I read your comment & you seem knowledgeable so I decided to take a shot & throw this out there. Thinking maybe, someone will reach out. You never know, if ya don't try, right?!?!? If I don't answer you, it's because my comments go missing. Alongside of everything tech wise in my life. It's been 4 years & I'd just like a little peace with it all. Ty for listening... 🫀
I literally just learned about this program after having trouble with chisel on my OSCP lol. Cannot wait to try it out.
How was the exam ?
@@BlackwinghacksBlogspot Whooped my ass
this tool would make the job a lot easier thank you for the demo man keep up the good work much love from Saudia Arabia
Its easier to social engineer today directly to internal network via employee weakness (especially new people to country)
Explaining what Kali is and what is a "cross-platform" software while presenting a network pivoting tool for advanced pentesters is killing me
Gotta fill the time
Started using this tool yesterday...
Hopefully, I'll get to understand it here
i dont know why i wasnt subscribed to your channel❤🔥
Please don't listen to the people who are complaining about being your video slow. Don't change it. Most of the creator are really hard to understand
Great stuff, looking forward to test it out. Thanks
Hi John sir 👋 love from India 🇮🇳
Thank you John! 🙂
Nice tool & nice watch 🥳
Brilliant pedagogy
Hey quentin, it has been a while since somebody used verbiage that I had to look up on You Tube. Well said, beautiful nomenclature sir. This will be something I will use. Well spoken, if you don't mind, drop some more knowledge. I am thirsty for smart human interaction.
What is the CN of the let’s encrypt certificate? Perhaps you could easily traverse ligolo certificates via the certificate transparency database…
Thanks for making this tutorial
Great video and tools thanks!
You're simply the best
Great video, John!
Thank you John!
Thank you so much John for sharing, all that super useful knowledge with us. I realy enjoying watching your videos. 👍
1:38 "links below"
Never once has anyone on this platform delivered on that promise
Thanks for all the content, again very nice video !
Bye bye Proxychains. Gonna use that fro my PNPT exam in 2 weeks.
Quick test in my home lab worked flawlessly with your tutorial (well - the agent does get picked up by Defender, but for the purpose of exam-prep I deactivated it in my lab)
would've like to see a double pivot.
Great video,
Keep it up 💪🎉🎉
This concept can be achieved with dynamic port forwarding with SSH too right? But just that it’s slower when running nmap scans?
i read ligolo as gigolo i need sleep ☠☠☠
Awesome mate Thanks
Great Video!! Thanks for sharing this
does this mean you will be able to access the subnet of the companies assuming they are using active directory
Sir , after completing bca course then what course should we take to fully completed cybersecurity or Ethical hacking
Is there a way to find out if agent has been installed on machine, for example ligolo agent? In case, AV cannot find anything...
Is it just me who doesn't like the vision mixer(camera transition) ?😅
I tried using the autocert but it seems to have an issue. "yamux: Failed to write header: acme/autocert: missing server name
ERRO[0151] could not register agent, error: session shutdown". For the purposes of taking exams and stuff though, this is super awesome, don't need real certs.
Where was this program when i took eCPPT? great video!!
❤ love your videos ❤❤
Good stuff. Hopefully it doesn't get popped by EDR soon.
Wow -Prefect WHy Don't UA-cam Give you a strike !?
What about docker, sysdig and Falco??
Wow awesome tool. Could you maybe do a follow up of some more complex scenario's?
Hey john, you are one of the best and i have been learning from you from the last three years.. but hey did anyone tell you you look alot like that footballer Kevin De Bruyne
I’m not a computer expert, Jack Rhysider warped my brain so I listen to videos like this to relax at bedtime
Lol exactly the same happened to me, now a few years later I'm working as a pentester.
Thanks Jack 🤣
00:24 I can see your eyes reading off of a script!! CHEATER!! I thought you were a knowledge BEAST that knew all this from the top of his head when explaining it!!! How dare you prepare such a well prepared video with high production quality!!
Isn’t the certificate generated on the proxy side ie your kali box that does have internet? And then the TLS certificate can be verified offline by the agent
Can we still use this in network client isolation network ? I mean if the access restricted network withing the same vlan clients ?
Thanks
John Hammond more Tut like this plz
Aarch64 if you compile all Kali apps directly in MacOS or Fedora Asahi Linux. Off course Kali is easier, because of all the built in tools, but it’s way faster when you compile it natively.
I guess you could also use that as a quick and dirty solution to create bridges to fix problems with NATed networks, right? 😅
Could we get a link to the template of the cloud lab? I may just be blind but i couldnt find it
💥EXCELLENT VIDEO - GREAT SKILLS SHARING - MUST WATCH - THANK YOU 💥
where is the link to the cloud lab ?
9:00 John, what did you mean that selfsigned certificates are vulnerable for man in the middle attacks?
I ofcourse might be wrong, but the encryption doesn't change (aslong as you do it correctly) only that there is no CA. And pretty much only case where this would be an issue would be in a externally communicating website, but for internal traffic, i dont see the issue with running selfsigned?
Because MiTM uses self signed cert as well, so if you tell ligolo to accept self-signed cert, there's no way to know if it is the self signed from from the ligolo device, or someone doing MiTM.
@@nekkrokvlt ahh so it’s not a diss on self signed certs in general but only in the way that ligolo gets a hold of its cert. Thanks for the response
If you use a self signed cert AND verify its fingerprint, it’s actually safer than trusting a thirdparty. It’s just less convenient (ligolo could make it more convenient by pasting the fingerprint to accept) so this step is often skipped. However, do you fear you get hacked as a hacker? ,)
Nice Video. But in my opinion it is a little to hectic. The cuts look cool, but they are a bit confusing.
So you should have a machine in DMZ to get it works
What keyboard are you using?
Cool Video 📼
How I wish these tools were not honeypots developed by Blue Team or the Government 😅 😡🙂😄
Just stick with the tradition 🤗 you what I mean.
Cool video Thanks 🎉
Yo I cannot seem to find the premade template.
Very nice
Jesus 1 million subs and now we see john for multiple angles in real time
wow john i love u more than i love myself
Oh, don’t advocate for “real” certs. That’s evidence! Self-signed cert is perfect for this application.
PIVOT
- Ross Geller
I like this new version videos
You should really look into investing into a teleprompter so that you don't have to keep looking off the camera, in order to keep the audience engaged. Good work!
i just pivoted into a room with a lot of people crumped up in one place. their shirts have the huge P in their backs
I'm still slightly annoyed that we have to type the tun add and route add commands manually. If ligolo ran as root, which I know it doesn't need to for the proxying, we wouldn't need to type in 3 commands each time and it would be truly automatized
As some constructive criticism for making your videos better, you should consider moving the monitor you're reading from closer to your camera. Probably underneath or above it.
As it is now, your eyes are continually darting from the webcam to the screen. You're going back and forth and you lose that seemless effect of talking to the viewer while you're reading.
Instead, it looks more like you're distracted and you keep looking at something "over there" while trying to address your viewers.
Yeay! Great Ligolo !!! oh wait most computers in a network don't have two NICs unless is a server and servers don't get malware from users clicking an email. So this means that Ligolo CAN"T move laterally. Damn too bad. Too much fanfare for things that almost never happen. Please tell me that I'm wrong!
Anytime you open up a web page on my screen it got all garbage and pixelated like. But no the sponsors Segway worked fine...
Thank you, great study material for the comptia sec+ test that I'm studying for
anyone facing this in double pivor ? error: a tunnel is already using this interface name. Please use a different name using the --tun option
Thanks Sir$
Windows will flag ligolo as malicious soon ;p
I need to chat with you. I am in a position I am not sure what to do with. Its all new world to me, but I ended up at the end of it with a mountain of intel and I think I can connect quite a few dots
Make a video about jwt encrypted token as well
Wow this is awesome!! I will try to make it work on the pivoting labs of HTB. Hope this makes it easier. A video like this pivoting and double pivoting on windows environments will be really cool
Credit for the background music in the beginning goes to... ?
??
this thing is very dangerous program!
Thanks john, I have downloaded adn installed it but you are realy fast explaining. Dont get all how to do properly. May be this video is for intro but if you have time please show us the complete tutorial like attacker machine ---> compromised machine --> then from pivoting how to do just for beginners. I am newbie. Many thanks in advance. Love your previous contents.