Sorry, I just added the Pivoting Lab SnapLabs template link now: jh.live/pivoting Thanks for watching and all your support! (and psst, check out Vanta! jh.live/vanta )
Just did this pivoting and hacked my local police department and they loved it! They even offered me a free room with free toilet and nice orange clothes! Life is good!
@@Michael_Jackson187 Oh yeah, just not any auto exploit tools. So avoid metasploit framework auto-exploits, sqlmap, but you can still use msfvenom (I faded it for a while and have had a few boxes where I couldn't get any of my reverse shells to work without it
Hey look, if someone sets up a server with two interfaces, one with a public IP and one with a private IP on a production internal LAN, AND they kindly let me install my hacking tool (or maybe just happen to have an unpatched vulnerability), AND they don’t use any firewall rules to limit access either on the public or private interfaces, AND they don’t use any endpoint protection tools, AND they don’t use any traffic inspections tools, it’s SO easy to hack them! /s Yeah this isn’t remotely how a DMZ is set up. For sure there are sloppy admins who have servers bridging public and private networks like this, but that’s not called a DMZ, that’s called an invitation to the Target and Equifax awards and breaching them would likely be far easier than using a fancy pivot tool like this. They probably have 3389 wide open so you can RDP right onto their server with a guest account like it’s 1999. New video title: Compromising networks with no security.
This is so cool! It would be very interesting to do a forensic exam on the pivot machine to see what signs are left behind by Ligolo activity. Great video!
Please pontificate on this subject with some particulars. I am almost finished with my digital forensics cert, and I want to understand all of the practical scenarios I can. TY
@@pimpnosimpg5416 Certainly! When setting up a DMZ, the goal is to isolate publicly accessible servers from the internal network to enhance security. Typically, servers in a DMZ have interfaces connected to both the external (untrusted) network and the internal (trusted) network. This setup allows external users to access services like web servers or email servers while keeping them separated from sensitive internal resources. However, if servers in a DMZ have interfaces connected to completely different networks, it could indicate a misunderstanding of how to properly configure a DMZ. The purpose of a DMZ is to create a buffer zone between the internet and the internal network, ensuring that any security breaches or attacks targeting public-facing services are contained and don't compromise internal systems. Placing servers with interfaces in different networks within a DMZ could create confusion and potentially undermine the intended security benefits of the DMZ architecture.
So how do you access servers in the DMZ from an internal network?
3 місяці тому+1
@flrn84791 You can't that's the purpose of a DMZ, it should not be accessed from the internal network, unless if you have access to the firewall box that manages the DMZ network.
Can you make a video on protecting against this or simply show how to setup a detector for it? That would be sick. I had to subscribe after watching this demo, very well done!
A really good starting point is: if a machine is in the DMZ you should not add another Network to it (Hosts network in this case). It should not have multiple interfaces attached to other Networks than the DMZ. If the machine has multiple networks attaches no firewall can stop traffic
Very cool and thanks for the video! Feedback: The multiple camera views of the video I am not the biggest fan of at this time. I feel more connected to the content when its the straight on camera angle where you are engaged with the viewers, when it switches seeing you looking in a different direction makes it feel disconnected from the content. If you plan on keeping the multiple angles personally I would like to see you engage the camera that is active. Appreciate all the new content you are producing! That is my .02.
@@rationalbushcraft if you set up your DMZ properly, you are correct, you would seriously limit and restrict access, most likely using an Internal firewall, so that your DMZ can only access the devices and servers it requires access to internally to function and also restrict any outbound traffic to the outside that isnt required. this does not completely remove the risk, it just reduces the scope of the attack and means the attacker may have to "pivot" a few times. Granted they can get the tunnel connected in the first instance.
@@factorialandha5929 I think the issue is that John is selling this as a way to move laterally without explaining further on how DMZs normally work. He says the devices in the DMZ can access the internal network when that's mostly untrue. DMZs are designed to have limited access to the internal network. This might confuse the many newbies watching his channel into thinking that all DMZs have unrestricted internal network access.
@@factorialandha5929how would I be able to regain access to my wifi security and remove multiple administrators off of my laptop? I've been struggling for four years with all of this, alongside of watching multiple videos on what's up with my sh*t(in my limited free time, I have kiddos) & all I've gotten through it all is headaches, very limited help, & laughed at on countless occasions...I have been reaching out everywhere & end up not getting responses or getting responses & then they disappear...it's definitely someone screwing with my network. I see some of the ports or channels are running interface & actually neighboring networks are as well... I tried the app the one popular app... I see multiple devices upon my Bluetooth same name under & identifying as whole other devices under a different color & or icon. I also have multiples of my one device showing in Google home(I've NEVER used Google home, ever) my kids baby monitor is pairing with random objects too. I live alone with my two little girls & am over all of this! I have little $ & what I've saved, I've put out to hire someone other than my service provider... They just mock me & change all of my info... Wifi name, password, & also made me a whole email address that I've never ever used. Sorry so long, but that's some of my sh*t. Any help would be greatly appreciated! Hope you had a beautiful 4th & hope you are well. I read your comment & you seem knowledgeable so I decided to take a shot & throw this out there. Thinking maybe, someone will reach out. You never know, if ya don't try, right?!?!? If I don't answer you, it's because my comments go missing. Alongside of everything tech wise in my life. It's been 4 years & I'd just like a little peace with it all. Ty for listening... 🫀
Bye bye Proxychains. Gonna use that fro my PNPT exam in 2 weeks. Quick test in my home lab worked flawlessly with your tutorial (well - the agent does get picked up by Defender, but for the purpose of exam-prep I deactivated it in my lab)
Hey quentin, it has been a while since somebody used verbiage that I had to look up on You Tube. Well said, beautiful nomenclature sir. This will be something I will use. Well spoken, if you don't mind, drop some more knowledge. I am thirsty for smart human interaction.
00:24 I can see your eyes reading off of a script!! CHEATER!! I thought you were a knowledge BEAST that knew all this from the top of his head when explaining it!!! How dare you prepare such a well prepared video with high production quality!!
Aarch64 if you compile all Kali apps directly in MacOS or Fedora Asahi Linux. Off course Kali is easier, because of all the built in tools, but it’s way faster when you compile it natively.
I am just getting to cyber security. After being in the desktop / server support area for a while I recently found my passion for cyber security. I have signed up for some certification exams and found this channel. :)
Yeay! Great Ligolo !!! oh wait most computers in a network don't have two NICs unless is a server and servers don't get malware from users clicking an email. So this means that Ligolo CAN"T move laterally. Damn too bad. Too much fanfare for things that almost never happen. Please tell me that I'm wrong!
You should really look into investing into a teleprompter so that you don't have to keep looking off the camera, in order to keep the audience engaged. Good work!
Isn’t the certificate generated on the proxy side ie your kali box that does have internet? And then the TLS certificate can be verified offline by the agent
Hey john, you are one of the best and i have been learning from you from the last three years.. but hey did anyone tell you you look alot like that footballer Kevin De Bruyne
Cool Video 📼 How I wish these tools were not honeypots developed by Blue Team or the Government 😅 😡🙂😄 Just stick with the tradition 🤗 you what I mean. Cool video Thanks 🎉
I tried using the autocert but it seems to have an issue. "yamux: Failed to write header: acme/autocert: missing server name ERRO[0151] could not register agent, error: session shutdown". For the purposes of taking exams and stuff though, this is super awesome, don't need real certs.
Thanks john, I have downloaded adn installed it but you are realy fast explaining. Dont get all how to do properly. May be this video is for intro but if you have time please show us the complete tutorial like attacker machine ---> compromised machine --> then from pivoting how to do just for beginners. I am newbie. Many thanks in advance. Love your previous contents.
Wow this is awesome!! I will try to make it work on the pivoting labs of HTB. Hope this makes it easier. A video like this pivoting and double pivoting on windows environments will be really cool
As some constructive criticism for making your videos better, you should consider moving the monitor you're reading from closer to your camera. Probably underneath or above it. As it is now, your eyes are continually darting from the webcam to the screen. You're going back and forth and you lose that seemless effect of talking to the viewer while you're reading. Instead, it looks more like you're distracted and you keep looking at something "over there" while trying to address your viewers.
9:00 John, what did you mean that selfsigned certificates are vulnerable for man in the middle attacks? I ofcourse might be wrong, but the encryption doesn't change (aslong as you do it correctly) only that there is no CA. And pretty much only case where this would be an issue would be in a externally communicating website, but for internal traffic, i dont see the issue with running selfsigned?
Because MiTM uses self signed cert as well, so if you tell ligolo to accept self-signed cert, there's no way to know if it is the self signed from from the ligolo device, or someone doing MiTM.
If you use a self signed cert AND verify its fingerprint, it’s actually safer than trusting a thirdparty. It’s just less convenient (ligolo could make it more convenient by pasting the fingerprint to accept) so this step is often skipped. However, do you fear you get hacked as a hacker? ,)
I need to chat with you. I am in a position I am not sure what to do with. Its all new world to me, but I ended up at the end of it with a mountain of intel and I think I can connect quite a few dots
Sorry, I just added the Pivoting Lab SnapLabs template link now: jh.live/pivoting
Thanks for watching and all your support! (and psst, check out Vanta! jh.live/vanta )
Is this template still accessible? I am unable to reach it on SnapLabs. Just gives me "network error" when trying to open it.
Hi, i have "Network Error" on my side ;(
@@goultarde same here. not able to access the template via tha link.
Just did this pivoting and hacked my local police department and they loved it! They even offered me a free room with free toilet and nice orange clothes! Life is good!
😂
Lmao good one!
Master life hack 🙌🏼
hahah😂😂
😂😂😂
im so glad i learned how to use ligolo before doing the CPTS exam. passed on the exam in august on the first attempt
These always start with, "let's assume we already obtained access to this host". That's the hard part. Everything else is easy.
Ligolo is killer for the OSCP Active Directory set. 🎉
They let you use tools on the Oscp?
@@Michael_Jackson187 Oh yeah, just not any auto exploit tools. So avoid metasploit framework auto-exploits, sqlmap, but you can still use msfvenom (I faded it for a while and have had a few boxes where I couldn't get any of my reverse shells to work without it
@@Michael_Jackson187Check rules of engagement, some tools amd techmiques are not allowed, like Metasploit attack modules
@@Michael_Jackson187no you have to do the entire OSCP in assembly.
In my experience, servers in a DMZ don't have a second interface on an internal subnet- that defeats the purpose of the DMZ.
Even then, there's usually a jump box or a way to access them or their network from an internal network
Hey look, if someone sets up a server with two interfaces, one with a public IP and one with a private IP on a production internal LAN, AND they kindly let me install my hacking tool (or maybe just happen to have an unpatched vulnerability), AND they don’t use any firewall rules to limit access either on the public or private interfaces, AND they don’t use any endpoint protection tools, AND they don’t use any traffic inspections tools, it’s SO easy to hack them! /s
Yeah this isn’t remotely how a DMZ is set up. For sure there are sloppy admins who have servers bridging public and private networks like this, but that’s not called a DMZ, that’s called an invitation to the Target and Equifax awards and breaching them would likely be far easier than using a fancy pivot tool like this. They probably have 3389 wide open so you can RDP right onto their server with a guest account like it’s 1999.
New video title: Compromising networks with no security.
"I don't often easily pivot to internal networks from the DMZ but when I DO, I *always* fire off nmap scans of the entire /24!"
This is so cool! It would be very interesting to do a forensic exam on the pivot machine to see what signs are left behind by Ligolo activity. Great video!
Please pontificate on this subject with some particulars. I am almost finished with my digital forensics cert, and I want to understand all of the practical scenarios I can. TY
I love how you've grown into cybersecurity. I'm very rusty and think your videos are helping eliminate that rust.
Anybody putting servers in a DMZ with interfaces that reside in completely different networks probably needs a recap on exactly what a DMZ is for.
Can u explain pls?
Right! Thank you! I know he has more experience than me, but I was like no bueno hombre.
@@pimpnosimpg5416
Certainly! When setting up a DMZ, the goal is to isolate publicly accessible servers from the internal network to enhance security. Typically, servers in a DMZ have interfaces connected to both the external (untrusted) network and the internal (trusted) network. This setup allows external users to access services like web servers or email servers while keeping them separated from sensitive internal resources.
However, if servers in a DMZ have interfaces connected to completely different networks, it could indicate a misunderstanding of how to properly configure a DMZ. The purpose of a DMZ is to create a buffer zone between the internet and the internal network, ensuring that any security breaches or attacks targeting public-facing services are contained and don't compromise internal systems. Placing servers with interfaces in different networks within a DMZ could create confusion and potentially undermine the intended security benefits of the DMZ architecture.
So how do you access servers in the DMZ from an internal network?
@flrn84791
You can't that's the purpose of a DMZ, it should not be accessed from the internal network, unless if you have access to the firewall box that manages the DMZ network.
the RED side of my brain loves ya.
the BLUE side of my brain has constant headaches!
Can you make a video on protecting against this or simply show how to setup a detector for it? That would be sick. I had to subscribe after watching this demo, very well done!
A really good starting point is: if a machine is in the DMZ you should not add another Network to it (Hosts network in this case).
It should not have multiple interfaces attached to other Networks than the DMZ. If the machine has multiple networks attaches no firewall can stop traffic
I wonder how anyone can provide such exciting content.
There are no two like you sir
I just learnt about this tool a few weeks back for my OSCP prep. looking forward to using it in my exam soon
Very cool and thanks for the video!
Feedback: The multiple camera views of the video I am not the biggest fan of at this time. I feel more connected to the content when its the straight on camera angle where you are engaged with the viewers, when it switches seeing you looking in a different direction makes it feel disconnected from the content. If you plan on keeping the multiple angles personally I would like to see you engage the camera that is active. Appreciate all the new content you are producing! That is my .02.
Please don't listen to the people who are complaining about being your video slow. Don't change it. Most of the creator are really hard to understand
Its easier to social engineer today directly to internal network via employee weakness (especially new people to country)
I'm really glad that you broke down the meaning of cross-platform, I never would have guessed. 😂
Explaining what Kali is and what is a "cross-platform" software while presenting a network pivoting tool for advanced pentesters is killing me
Gotta fill the time
easy to understand, thanks John. Nifty piece of software
All of that is automated with the havoc-ligolo module as well! Cool video ^^
Thanks, didn't know that was a module
Is it just me who doesn't like the vision mixer(camera transition) ?😅
Oh, don’t advocate for “real” certs. That’s evidence! Self-signed cert is perfect for this application.
I would think most DMZs would block unnecessary ports to the inside. Am I missing something here?
Its actually an outgoing connection from the dmz. It doesnt need an open port from the outside.
@@Youtupe69 I get that but doesn’t it need ports between the Private and DMZ? At least whatever port it is using for the proxy connection.
@@rationalbushcraft if you set up your DMZ properly, you are correct, you would seriously limit and restrict access, most likely using an Internal firewall, so that your DMZ can only access the devices and servers it requires access to internally to function and also restrict any outbound traffic to the outside that isnt required.
this does not completely remove the risk, it just reduces the scope of the attack and means the attacker may have to "pivot" a few times. Granted they can get the tunnel connected in the first instance.
@@factorialandha5929 I think the issue is that John is selling this as a way to move laterally without explaining further on how DMZs normally work. He says the devices in the DMZ can access the internal network when that's mostly untrue. DMZs are designed to have limited access to the internal network. This might confuse the many newbies watching his channel into thinking that all DMZs have unrestricted internal network access.
@@factorialandha5929how would I be able to regain access to my wifi security and remove multiple administrators off of my laptop? I've been struggling for four years with all of this, alongside of watching multiple videos on what's up with my sh*t(in my limited free time, I have kiddos) & all I've gotten through it all is headaches, very limited help, & laughed at on countless occasions...I have been reaching out everywhere & end up not getting responses or getting responses & then they disappear...it's definitely someone screwing with my network. I see some of the ports or channels are running interface & actually neighboring networks are as well... I tried the app the one popular app... I see multiple devices upon my Bluetooth same name under & identifying as whole other devices under a different color & or icon. I also have multiples of my one device showing in Google home(I've NEVER used Google home, ever) my kids baby monitor is pairing with random objects too. I live alone with my two little girls & am over all of this! I have little $ & what I've saved, I've put out to hire someone other than my service provider... They just mock me & change all of my info... Wifi name, password, & also made me a whole email address that I've never ever used. Sorry so long, but that's some of my sh*t. Any help would be greatly appreciated! Hope you had a beautiful 4th & hope you are well. I read your comment & you seem knowledgeable so I decided to take a shot & throw this out there. Thinking maybe, someone will reach out. You never know, if ya don't try, right?!?!? If I don't answer you, it's because my comments go missing. Alongside of everything tech wise in my life. It's been 4 years & I'd just like a little peace with it all. Ty for listening... 🫀
I literally just learned about this program after having trouble with chisel on my OSCP lol. Cannot wait to try it out.
How was the exam ?
@@BlackwinghacksBlogspot Whooped my ass
Started using this tool yesterday...
Hopefully, I'll get to understand it here
i dont know why i wasnt subscribed to your channel❤🔥
Jesus John your content has improved soo much!!!
We love you man :D
Thank you! It's a team effort. :)
John's background looks dope !! wow
1:38 "links below"
Never once has anyone on this platform delivered on that promise
Hi John sir 👋 love from India 🇮🇳
Bye bye Proxychains. Gonna use that fro my PNPT exam in 2 weeks.
Quick test in my home lab worked flawlessly with your tutorial (well - the agent does get picked up by Defender, but for the purpose of exam-prep I deactivated it in my lab)
I’m not a computer expert, Jack Rhysider warped my brain so I listen to videos like this to relax at bedtime
Lol exactly the same happened to me, now a few years later I'm working as a pentester.
Thanks Jack 🤣
this tool would make the job a lot easier thank you for the demo man keep up the good work much love from Saudia Arabia
Wow -Prefect WHy Don't UA-cam Give you a strike !?
would've like to see a double pivot.
Jesus 1 million subs and now we see john for multiple angles in real time
this is super clean content now i love it. Love the examples shown
Where was this program when i took eCPPT? great video!!
Brilliant pedagogy
Hey quentin, it has been a while since somebody used verbiage that I had to look up on You Tube. Well said, beautiful nomenclature sir. This will be something I will use. Well spoken, if you don't mind, drop some more knowledge. I am thirsty for smart human interaction.
PIVOT
- Ross Geller
Sir , after completing bca course then what course should we take to fully completed cybersecurity or Ethical hacking
i read ligolo as gigolo i need sleep ☠☠☠
Nice Video. But in my opinion it is a little to hectic. The cuts look cool, but they are a bit confusing.
What is the CN of the let’s encrypt certificate? Perhaps you could easily traverse ligolo certificates via the certificate transparency database…
So you should have a machine in DMZ to get it works
00:24 I can see your eyes reading off of a script!! CHEATER!! I thought you were a knowledge BEAST that knew all this from the top of his head when explaining it!!! How dare you prepare such a well prepared video with high production quality!!
Good stuff. Hopefully it doesn't get popped by EDR soon.
Nice tool & nice watch 🥳
Aarch64 if you compile all Kali apps directly in MacOS or Fedora Asahi Linux. Off course Kali is easier, because of all the built in tools, but it’s way faster when you compile it natively.
wow john i love u more than i love myself
Great stuff, looking forward to test it out. Thanks
Thank you John! 🙂
Wow awesome tool. Could you maybe do a follow up of some more complex scenario's?
Thanks for making this tutorial
This concept can be achieved with dynamic port forwarding with SSH too right? But just that it’s slower when running nmap scans?
What about docker, sysdig and Falco??
Thank you John!
Great video and tools thanks!
I guess you could also use that as a quick and dirty solution to create bridges to fix problems with NATed networks, right? 😅
i prefer the slightly fast paced videos this was a bit too slow for my liking but this is great for people that are just getting into this
I am just getting to cyber security. After being in the desktop / server support area for a while I recently found my passion for cyber security. I have signed up for some certification exams and found this channel. :)
TikTok User
Dude can't even hack the playback speed 😂
Shut up man
Loll - i love the playback speed comments
You're simply the best
Yeay! Great Ligolo !!! oh wait most computers in a network don't have two NICs unless is a server and servers don't get malware from users clicking an email. So this means that Ligolo CAN"T move laterally. Damn too bad. Too much fanfare for things that almost never happen. Please tell me that I'm wrong!
Thanks for all the content, again very nice video !
You should really look into investing into a teleprompter so that you don't have to keep looking off the camera, in order to keep the audience engaged. Good work!
does this mean you will be able to access the subnet of the companies assuming they are using active directory
Thank you so much John for sharing, all that super useful knowledge with us. I realy enjoying watching your videos. 👍
What keyboard are you using?
Great video, John!
Isn’t the certificate generated on the proxy side ie your kali box that does have internet? And then the TLS certificate can be verified offline by the agent
Windows will flag ligolo as malicious soon ;p
Is there a way to find out if agent has been installed on machine, for example ligolo agent? In case, AV cannot find anything...
I like this new version videos
Hey john, you are one of the best and i have been learning from you from the last three years.. but hey did anyone tell you you look alot like that footballer Kevin De Bruyne
Great Video!! Thanks for sharing this
Awesome mate Thanks
Cool Video 📼
How I wish these tools were not honeypots developed by Blue Team or the Government 😅 😡🙂😄
Just stick with the tradition 🤗 you what I mean.
Cool video Thanks 🎉
I tried using the autocert but it seems to have an issue. "yamux: Failed to write header: acme/autocert: missing server name
ERRO[0151] could not register agent, error: session shutdown". For the purposes of taking exams and stuff though, this is super awesome, don't need real certs.
Thanks
John Hammond more Tut like this plz
this thing is very dangerous program!
Could we get a link to the template of the cloud lab? I may just be blind but i couldnt find it
Can we still use this in network client isolation network ? I mean if the access restricted network withing the same vlan clients ?
Thanks john, I have downloaded adn installed it but you are realy fast explaining. Dont get all how to do properly. May be this video is for intro but if you have time please show us the complete tutorial like attacker machine ---> compromised machine --> then from pivoting how to do just for beginners. I am newbie. Many thanks in advance. Love your previous contents.
Anytime you open up a web page on my screen it got all garbage and pixelated like. But no the sponsors Segway worked fine...
Ligolo mentioned RAHHHHH
Great video,
Keep it up 💪🎉🎉
💥EXCELLENT VIDEO - GREAT SKILLS SHARING - MUST WATCH - THANK YOU 💥
Wow this is awesome!! I will try to make it work on the pivoting labs of HTB. Hope this makes it easier. A video like this pivoting and double pivoting on windows environments will be really cool
where is the link to the cloud lab ?
Very nice
As some constructive criticism for making your videos better, you should consider moving the monitor you're reading from closer to your camera. Probably underneath or above it.
As it is now, your eyes are continually darting from the webcam to the screen. You're going back and forth and you lose that seemless effect of talking to the viewer while you're reading.
Instead, it looks more like you're distracted and you keep looking at something "over there" while trying to address your viewers.
So how do you protect against this attack?
You can watch for untrusted binaries, filter egress ports and of course don’t give attackers shell on your hosts.
@@berndeckenfels Thank you for not trolling!
That was an illegal advertisement, buddy you have to disclose that it’s an advertisement you can’t say that it’s just a cool company
Make a video about jwt encrypted token as well
I like this but the name ligolo is kinda weird 💀... ngl
9:00 John, what did you mean that selfsigned certificates are vulnerable for man in the middle attacks?
I ofcourse might be wrong, but the encryption doesn't change (aslong as you do it correctly) only that there is no CA. And pretty much only case where this would be an issue would be in a externally communicating website, but for internal traffic, i dont see the issue with running selfsigned?
Because MiTM uses self signed cert as well, so if you tell ligolo to accept self-signed cert, there's no way to know if it is the self signed from from the ligolo device, or someone doing MiTM.
@@nekkrokvlt ahh so it’s not a diss on self signed certs in general but only in the way that ligolo gets a hold of its cert. Thanks for the response
If you use a self signed cert AND verify its fingerprint, it’s actually safer than trusting a thirdparty. It’s just less convenient (ligolo could make it more convenient by pasting the fingerprint to accept) so this step is often skipped. However, do you fear you get hacked as a hacker? ,)
Yo I cannot seem to find the premade template.
Thank you, great study material for the comptia sec+ test that I'm studying for
“you wanna be in the streets” 🤨🤨
I need to chat with you. I am in a position I am not sure what to do with. Its all new world to me, but I ended up at the end of it with a mountain of intel and I think I can connect quite a few dots