How Hackers Move Through Networks (with Ligolo)
Вставка
- Опубліковано 16 січ 2024
- jh.live/vanta || Prove your security compliance with Vanta! Get $1,000 off with my link: jh.live/vanta
The Pivoting Lab SnapLabs template: jh.live/pivoting
Free Cybersecurity Education and Ethical Hacking with John Hammond
📧 JOIN MY NEWSLETTER ➡ jh.live/email
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥 UA-cam ALGORITHM ➡ Like, Comment, & Subscribe!
Sorry, I just added the Pivoting Lab SnapLabs template link now: jh.live/pivoting
Thanks for watching and all your support! (and psst, check out Vanta! jh.live/vanta )
Is this template still accessible? I am unable to reach it on SnapLabs. Just gives me "network error" when trying to open it.
Just did this pivoting and hacked my local police department and they loved it! They even offered me a free room with free toilet and nice orange clothes! Life is good!
😂
Lmao good one!
Master life hack 🙌🏼
hahah😂😂
😂😂😂
Ligolo is killer for the OSCP Active Directory set. 🎉
They let you use tools on the Oscp?
@@Michael_Jackson187 Oh yeah, just not any auto exploit tools. So avoid metasploit framework auto-exploits, sqlmap, but you can still use msfvenom (I faded it for a while and have had a few boxes where I couldn't get any of my reverse shells to work without it
@@Michael_Jackson187Check rules of engagement, some tools amd techmiques are not allowed, like Metasploit attack modules
@@Michael_Jackson187no you have to do the entire OSCP in assembly.
In my experience, servers in a DMZ don't have a second interface on an internal subnet- that defeats the purpose of the DMZ.
I love how you've grown into cybersecurity. I'm very rusty and think your videos are helping eliminate that rust.
im so glad i learned how to use ligolo before doing the CPTS exam. passed on the exam in august on the first attempt
This is so cool! It would be very interesting to do a forensic exam on the pivot machine to see what signs are left behind by Ligolo activity. Great video!
Please pontificate on this subject with some particulars. I am almost finished with my digital forensics cert, and I want to understand all of the practical scenarios I can. TY
Anybody putting servers in a DMZ with interfaces that reside in completely different networks probably needs a recap on exactly what a DMZ is for.
Can u explain pls?
Right! Thank you! I know he has more experience than me, but I was like no bueno hombre.
@@pimpnosimpg5416
Certainly! When setting up a DMZ, the goal is to isolate publicly accessible servers from the internal network to enhance security. Typically, servers in a DMZ have interfaces connected to both the external (untrusted) network and the internal (trusted) network. This setup allows external users to access services like web servers or email servers while keeping them separated from sensitive internal resources.
However, if servers in a DMZ have interfaces connected to completely different networks, it could indicate a misunderstanding of how to properly configure a DMZ. The purpose of a DMZ is to create a buffer zone between the internet and the internal network, ensuring that any security breaches or attacks targeting public-facing services are contained and don't compromise internal systems. Placing servers with interfaces in different networks within a DMZ could create confusion and potentially undermine the intended security benefits of the DMZ architecture.
easy to understand, thanks John. Nifty piece of software
this is super clean content now i love it. Love the examples shown
All of that is automated with the havoc-ligolo module as well! Cool video ^^
this tool would make the job a lot easier thank you for the demo man keep up the good work much love from Saudia Arabia
I wonder how anyone can provide such exciting content.
There are no two like you sir
Thank you so much John for sharing, all that super useful knowledge with us. I realy enjoying watching your videos. 👍
Started using this tool yesterday...
Hopefully, I'll get to understand it here
I just learnt about this tool a few weeks back for my OSCP prep. looking forward to using it in my exam soon
Thank you John! 🙂
Great stuff, looking forward to test it out. Thanks
Thanks for making this tutorial
This is so cool! Could you do some videos on initial access and bypassing windows defender too?
Thanks for all the content, again very nice video !
John's background looks dope !! wow
Thank you John!
Can you make a video on protecting against this or simply show how to setup a detector for it? That would be sick. I had to subscribe after watching this demo, very well done!
A really good starting point is: if a machine is in the DMZ you should not add another Network to it (Hosts network in this case).
It should not have multiple interfaces attached to other Networks than the DMZ. If the machine has multiple networks attaches no firewall can stop traffic
would've like to see a double pivot.
I literally just learned about this program after having trouble with chisel on my OSCP lol. Cannot wait to try it out.
How was the exam ?
@@BlackwinghacksBlogspot Whooped my ass
Great video and tools thanks!
Very cool and thanks for the video!
Feedback: The multiple camera views of the video I am not the biggest fan of at this time. I feel more connected to the content when its the straight on camera angle where you are engaged with the viewers, when it switches seeing you looking in a different direction makes it feel disconnected from the content. If you plan on keeping the multiple angles personally I would like to see you engage the camera that is active. Appreciate all the new content you are producing! That is my .02.
Great Video!! Thanks for sharing this
Wow awesome tool. Could you maybe do a follow up of some more complex scenario's?
What is the CN of the let’s encrypt certificate? Perhaps you could easily traverse ligolo certificates via the certificate transparency database…
Jesus John your content has improved soo much!!!
We love you man :D
Thank you! It's a team effort. :)
Its easier to social engineer today directly to internal network via employee weakness (especially new people to country)
Can we still use this in network client isolation network ? I mean if the access restricted network withing the same vlan clients ?
Isn’t the certificate generated on the proxy side ie your kali box that does have internet? And then the TLS certificate can be verified offline by the agent
does this mean you will be able to access the subnet of the companies assuming they are using active directory
Thanks
John Hammond more Tut like this plz
This concept can be achieved with dynamic port forwarding with SSH too right? But just that it’s slower when running nmap scans?
Sir , after completing bca course then what course should we take to fully completed cybersecurity or Ethical hacking
Hi John sir 👋 love from India 🇮🇳
Great video, John!
You're simply the best
Is there a way to find out if agent has been installed on machine, for example ligolo agent? In case, AV cannot find anything...
Could we get a link to the template of the cloud lab? I may just be blind but i couldnt find it
Great video,
Keep it up 💪🎉🎉
the RED side of my brain loves ya.
the BLUE side of my brain has constant headaches!
Where was this program when i took eCPPT? great video!!
I would think most DMZs would block unnecessary ports to the inside. Am I missing something here?
Its actually an outgoing connection from the dmz. It doesnt need an open port from the outside.
@@Youtupe69 I get that but doesn’t it need ports between the Private and DMZ? At least whatever port it is using for the proxy connection.
@@rationalbushcraft if you set up your DMZ properly, you are correct, you would seriously limit and restrict access, most likely using an Internal firewall, so that your DMZ can only access the devices and servers it requires access to internally to function and also restrict any outbound traffic to the outside that isnt required.
this does not completely remove the risk, it just reduces the scope of the attack and means the attacker may have to "pivot" a few times. Granted they can get the tunnel connected in the first instance.
@@factorialandha5929 I think the issue is that John is selling this as a way to move laterally without explaining further on how DMZs normally work. He says the devices in the DMZ can access the internal network when that's mostly untrue. DMZs are designed to have limited access to the internal network. This might confuse the many newbies watching his channel into thinking that all DMZs have unrestricted internal network access.
Awesome mate Thanks
Wow this is awesome!! I will try to make it work on the pivoting labs of HTB. Hope this makes it easier. A video like this pivoting and double pivoting on windows environments will be really cool
Good stuff. Hopefully it doesn't get popped by EDR soon.
💥EXCELLENT VIDEO - GREAT SKILLS SHARING - MUST WATCH - THANK YOU 💥
Bye bye Proxychains. Gonna use that fro my PNPT exam in 2 weeks.
Quick test in my home lab worked flawlessly with your tutorial (well - the agent does get picked up by Defender, but for the purpose of exam-prep I deactivated it in my lab)
Yo I cannot seem to find the premade template.
What keyboard are you using?
where is the link to the cloud lab ?
Is it just me who doesn't like the vision mixer(camera transition) ?😅
yes a bit strange
I tried using the autocert but it seems to have an issue. "yamux: Failed to write header: acme/autocert: missing server name
ERRO[0151] could not register agent, error: session shutdown". For the purposes of taking exams and stuff though, this is super awesome, don't need real certs.
Wow -Prefect WHy Don't UA-cam Give you a strike !?
These always start with, "let's assume we already obtained access to this host". That's the hard part. Everything else is easy.
Brilliant pedagogy
Hey quentin, it has been a while since somebody used verbiage that I had to look up on You Tube. Well said, beautiful nomenclature sir. This will be something I will use. Well spoken, if you don't mind, drop some more knowledge. I am thirsty for smart human interaction.
So you should have a machine in DMZ to get it works
13:31 defense ideas to defeat ligolo .. the ping command can be changed in linux ..
our defensive code files first runs a script then runs ping ..
so when malware runs ping runs our defensive script and then parse the malware script and block the ip addresses in malware .. ..
futher upload ip to SOC and block in protected networks
Oh, don’t advocate for “real” certs. That’s evidence! Self-signed cert is perfect for this application.
Thanks Sir$
Aarch64 if you compile all Kali apps directly in MacOS or Fedora Asahi Linux. Off course Kali is easier, because of all the built in tools, but it’s way faster when you compile it natively.
Hey john, you are one of the best and i have been learning from you from the last three years.. but hey did anyone tell you you look alot like that footballer Kevin De Bruyne
Thank you, great study material for the comptia sec+ test that I'm studying for
9:00 John, what did you mean that selfsigned certificates are vulnerable for man in the middle attacks?
I ofcourse might be wrong, but the encryption doesn't change (aslong as you do it correctly) only that there is no CA. And pretty much only case where this would be an issue would be in a externally communicating website, but for internal traffic, i dont see the issue with running selfsigned?
Because MiTM uses self signed cert as well, so if you tell ligolo to accept self-signed cert, there's no way to know if it is the self signed from from the ligolo device, or someone doing MiTM.
@@nekkrokvlt ahh so it’s not a diss on self signed certs in general but only in the way that ligolo gets a hold of its cert. Thanks for the response
If you use a self signed cert AND verify its fingerprint, it’s actually safer than trusting a thirdparty. It’s just less convenient (ligolo could make it more convenient by pasting the fingerprint to accept) so this step is often skipped. However, do you fear you get hacked as a hacker? ,)
1:38 "links below"
Never once has anyone on this platform delivered on that promise
Explaining what Kali is and what is a "cross-platform" software while presenting a network pivoting tool for advanced pentesters is killing me
Gotta fill the time
I like this new version videos
wow john i love u more than i love myself
anyone facing this in double pivor ? error: a tunnel is already using this interface name. Please use a different name using the --tun option
Nice Video. But in my opinion it is a little to hectic. The cuts look cool, but they are a bit confusing.
Credit for the background music in the beginning goes to... ?
??
❤ love your videos ❤❤
I guess you could also use that as a quick and dirty solution to create bridges to fix problems with NATed networks, right? 😅
Hey look, if someone sets up a server with two interfaces, one with a public IP and one with a private IP on a production internal LAN, AND they kindly let me install my hacking tool (or maybe just happen to have an unpatched vulnerability), AND they don’t use any firewall rules to limit access either on the public or private interfaces, AND they don’t use any endpoint protection tools, AND they don’t use any traffic inspections tools, it’s SO easy to hack them! /s
Yeah this isn’t remotely how a DMZ is set up. For sure there are sloppy admins who have servers bridging public and private networks like this, but that’s not called a DMZ, that’s called an invitation to the Target and Equifax awards and breaching them would likely be far easier than using a fancy pivot tool like this. They probably have 3389 wide open so you can RDP right onto their server with a guest account like it’s 1999.
New video title: Compromising networks with no security.
Jesus 1 million subs and now we see john for multiple angles in real time
Very nice
So how do you protect against this attack?
You can watch for untrusted binaries, filter egress ports and of course don’t give attackers shell on your hosts.
@@berndeckenfels Thank you for not trolling!
Thanks john, I have downloaded adn installed it but you are realy fast explaining. Dont get all how to do properly. May be this video is for intro but if you have time please show us the complete tutorial like attacker machine ---> compromised machine --> then from pivoting how to do just for beginners. I am newbie. Many thanks in advance. Love your previous contents.
I’m not a computer expert, Jack Rhysider warped my brain so I listen to videos like this to relax at bedtime
Lol exactly the same happened to me, now a few years later I'm working as a pentester.
Thanks Jack 🤣
Cool Video 📼
How I wish these tools were not honeypots developed by Blue Team or the Government 😅 😡🙂😄
Just stick with the tradition 🤗 you what I mean.
Cool video Thanks 🎉
Yeay! Great Ligolo !!! oh wait most computers in a network don't have two NICs unless is a server and servers don't get malware from users clicking an email. So this means that Ligolo CAN"T move laterally. Damn too bad. Too much fanfare for things that almost never happen. Please tell me that I'm wrong!
00:24 I can see your eyes reading off of a script!! CHEATER!! I thought you were a knowledge BEAST that knew all this from the top of his head when explaining it!!! How dare you prepare such a well prepared video with high production quality!!
Make videos on bug bounty.
this thing is very dangerous program!
Anytime you open up a web page on my screen it got all garbage and pixelated like. But no the sponsors Segway worked fine...
i read ligolo as gigolo i need sleep ☠☠☠
nice
Windows will flag ligolo as malicious soon ;p
Nice
You should really look into investing into a teleprompter so that you don't have to keep looking off the camera, in order to keep the audience engaged. Good work!
"ligolo-ng can work on any machine. Linux, Windows and Mac"
Imagine a company using Macs as their servers 💀
Ligolo mentioned RAHHHHH
Hi
Wow 😮 👍👍👍
“you wanna be in the streets” 🤨🤨