add reverse portfwd function
FunnyWolf committed Mar 10, 2022
1 parent df012ce commit 620d528
Showing 6 changed files with 239 additions and 171 deletions.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -9,7 +9,7 @@ CLIENT_BINARY=ligoloc
SERVER_BINARY=ligolos
TAGS=release

OSARCH = "linux/amd64 linux/386 windows/amd64 windows/386 darwin/amd64 darwin/386"
OSARCH = "linux/amd64 linux/386 windows/amd64 windows/386 darwin/amd64"

TLS_HOST ?= 'ligolo.lan'

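Review bot: The OSARCH line drops `darwin/386` from the build targets, which is unrelated to the reverse port forwarding named in the commit message. Suggest moving it to its own commit, or adding a line to the message saying why the target is removed, so the loss of that release binary is traceable.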
117 changes: 70 additions & 47 deletions README.md
@@ -1,115 +1,138 @@
# Ligolo: Reverse tunnel for intranet penetration
# Ligolo : 用于内网渗透的反向隧道

[![forthebadge](https://forthebadge.com/images/badges/made-with-go.svg)](https://forthebadge.com)
[![forthebadge](https://forthebadge.com/images/badges/gluten-free.svg)](https://forthebadge.com)

English | [简体中文](./README_ZH.md)
简体中文 | [English](./README_EN.md)

## introduce
## 介绍

The project is modified according to [ligolo](https://github.com/sysdream/ligolo), mainly for some functional tailoring, which is convenient to use.
项目根据 [ligolo](https://github.com/sysdream/ligolo) 修改,主要做一些功能上的裁剪,方便使用.

**Ligolo** is a simple, lightweight reverse Socks5 proxy tool, all traffic is encrypted with TLS.
**Ligolo** 是一个简单的,轻量级的反向Socks5代理工具及端口映射工具,所有的流量使用TLS加密.

Its function is similar to *Autoroute + Socks4a* in *Meterpreter*, but it is more stable and faster.
其功能类似于*Meterpreter*中的*Autoroute + Socks4a*,但是更加稳定,速度更快.

## why you need this
## 使用场景

When you have obtained the permission of a Windows / Linux / Mac host on the other party's intranet and the host can connect to the Internet.
当你已经在对方内网获取到一台 Windows / Linux / Mac 主机的权限且该主机可以连接互联网.

At this point you want to establish a Socks5 proxy for the other party's intranet.
此时你想要建立一个对方内网的Socks5代理或需要连接内网某个IP地址的某端口.

**Ligolo** can help you establish an agent to help you continue to penetrate the intranet.
**Ligolo** 可以帮助你建立代理,协助你继续进行内网渗透.

> If the controlled host cannot access the Internet, you can try another tool [pystinger](https://github.com/FunnyWolf/pystinger)
> 如果已控主机不能访问互联网,可以尝试使用另一款工具 [pystinger](https://github.com/FunnyWolf/pystinger)
## Instructions
## 使用方法

### TL;DR
### Sock5代理

- Get the compiled binary file [release](https://github.com/FunnyWolf/ligolo/releases)
- 获取已编译的二进制文件 [release](https://github.com/FunnyWolf/ligolo/releases)

- In your VPS hosting.
- 在你的VPS主机中.

```
./ligolos
```

- In the controlled intranet host.
- 在已控制的内网主机中.

```
> ligoloc.exe -s your-vps-ip:443
```

- After the connection is successfully established, the 127.0.0.1:1080 of the VPS has established the Socks5 proxy for the internal network of the controlled host.
- 连接建立成功后,此时VPS的127.0.0.1:1080已经建立已控主机的内网Socks5代理.

### Detailed description
### 详细说明

*Ligolo* contains two modules:
*Ligolo* 包含两个模块:

- ligolos (server)
- ligoloc (client)

*ligolos* runs on your VPS server (attack server).
*ligolos* 运行于你的VPS服务器 (攻击服务器).

*ligoloc* runs on an already controlled intranet host.
*ligoloc* 运行于已经控制的内网主机.

*ligolos* can use the default settings. It will listen on port 0.0.0.0:443 (for waiting for ligoloc connection) and 127.0.0.1:1080 (for socks5 proxy).
*ligolos*可以使用默认设置.它会监听0.0.0.0:443端口(用于等待ligoloc连接)及127.0.0.1:1080(用于socks5代理).

*ligoloc* The server address must be specified when running, using the parameter `-s your-vps-ip:443`.
*ligoloc*运行时必须制定服务端地址,使用参数`-s your-vps-ip:443`.

You can use the `-h` parameter to view the help.
你可以使用`-h`参数查看帮助.

Once the connection between *ligolos* and *ligoloc* is established, you can use the intranet socks5 proxy of the VPS server `127.0.0.1:1080`.
一旦*ligolos* *ligoloc* 之间的连接建立成功,你即可使用VPS服务器`127.0.0.1:1080`的内网socks5代理.

### Options

### 反向端口映射
- 在你的VPS主机中.

```
./ligolos -p 0.0.0.0:13389
```

- 在已控制的内网主机中.

```
> ligoloc.exe -s your-vps-ip:443 -t 127.0.0.1:3389
```

- 连接建立成功后,已经将以控制内网主机的3389映射到VPS-IP:13389.



### 选项

*ligolos* options:

```
PS XXX\bin> .\ligolos_windows_amd64.exe -h
Usage of D:\Code\git\go\src\ligolo\bin\ligolos_windows_amd64.exe:
PS D:\xxx\bin> .\ligolos.exe -h
Usage of D:\xxx\ligolos.exe:
-cert string
The TLS server certificate,Unnecessary (default "cert.pem")
-key string
The TLS server key,Unnecessary (default "key.pem")
-l string
The relay server listening address (the connect-back address) (default "0.0.0.0:443")
-s5 string
The local socks5 server address (your proxychains parameter) (default "127.0.0.1:1080")
-p string
The local socks5 server address or ip:port use to connect target (default "127.0.0.1:1080")
```

*ligoloc* options:

```
PS XXX\bin> .\ligoloc_windows_amd64.exe -h
Usage of D:\Code\git\go\src\ligolo\bin\ligoloc_windows_amd64.exe:
Usage of D:\XXX\ligoloc.exe:
-proxy string
Use proxy to connect ligolo server(e.g. http://user:[email protected]:8080 socks5://user:[email protected]:1080)
-s string
The relay server (the connect-back address) (default "example.com:443")
The ligolo server (the connect-back address)(e.g. 0.0.0.0:443)
-t string
The destination server (a 192.168.1.3:3389, 192.168.1.3:22, etc.) - when not specified, Ligolo starts a socks5 proxy server
```

### Compile
### 编译

Refer to the compilation method of the original ligolo
参考原版ligolo的编译方法

## Features
## 特性

- TLS 1.3 encrypted tunnel
- Multi-platform (Windows / Linux / Mac /...)
- Multiple connection multiplexing (1 TCP connection transmits all traffic)
- SOCKS5 proxy
- TLS 1.3 加密隧道
- 多平台 (Windows / Linux / Mac / ...)
- 多连接复用 (1 TCP连接传输所有流量)
- SOCKS5代理

## To Do

- Better timeout mechanism
- SOCKS5 UDP support
- mTLS mutual authentication
- Reverse port mapping (mapping intranet port to internet)
- 更好的超时机制
- SOCKS5 UDP 支持
- mTLS双向认证

## Licensing

GNU General Public License v3.0 (refer to LICENSING).
GNU General Public License v3.0 (参考 LICENSING).

## 原版作者

* Nicolas Chatelain <n.chatelain -at- sysdream.com>


## Original author

* Nicolas Chatelain <n.chatelain -at- sysdream.com>
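Review bot: In the new 反向端口映射 section the server example `./ligolos -p 0.0.0.0:13389` binds the forwarded listener on every interface, while the documented default for `-p` is `127.0.0.1:1080`; the README does not say that this makes the intranet host's 3389 reachable by anyone who can connect to VPS-IP:13389. Suggest stating that explicitly and showing a loopback bind (or a firewall restriction on the port) as the recommended form. In the options block, `-s5` is replaced by `-p` with no migration note, and the `-s` help text gives `0.0.0.0:443` as an example connect-back address, which is a listen address rather than one a client can dial; `your-vps-ip:443`, as used in the examples, would be consistent.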
132 changes: 132 additions & 0 deletions README_EN.md
@@ -0,0 +1,132 @@
# Ligolo: Reverse tunnel for intranet penetration

[![forthebadge](https://forthebadge.com/images/badges/made-with-go.svg)](https://forthebadge.com)
[![forthebadge](https://forthebadge.com/images/badges/gluten-free.svg)](https://forthebadge.com)

English | [简体中文](./README.md)

## introduce

The project is modified according to [ligolo](https://github.com/sysdream/ligolo), mainly for some functional tailoring, which is convenient to use.

**Ligolo** is a simple, lightweight reverse Socks5 proxy tool, all traffic is encrypted with TLS.

Its function is similar to *Autoroute + Socks4a* in *Meterpreter*, but it is more stable and faster.

## why you need this

When you have obtained the permission of a Windows / Linux / Mac host on the other party's intranet and the host can connect to the Internet.

At this point you want to establish a Socks5 proxy for the other party's intranet.

**Ligolo** can help you establish an agent to help you continue to penetrate the intranet.

> If the controlled host cannot access the Internet, you can try another tool [pystinger](https://github.com/FunnyWolf/pystinger)
## Instructions

### TL;DR

- Get the compiled binary file [release](https://github.com/FunnyWolf/ligolo/releases)

- In your VPS hosting.

```
./ligolos
```

- In the controlled intranet host.

```
> ligoloc.exe -s your-vps-ip:443
```

- After the connection is successfully established, the 127.0.0.1:1080 of the VPS has established the Socks5 proxy for the internal network of the controlled host.

### Detailed description

*Ligolo* contains two modules:

- ligolos (server)
- ligoloc (client)

*ligolos* runs on your VPS server (attack server).

*ligoloc* runs on an already controlled intranet host.

*ligolos* can use the default settings. It will listen on port 0.0.0.0:443 (for waiting for ligoloc connection) and 127.0.0.1:1080 (for socks5 proxy).

*ligoloc* The server address must be specified when running, using the parameter `-s your-vps-ip:443`.

You can use the `-h` parameter to view the help.

Once the connection between *ligolos* and *ligoloc* is established, you can use the intranet socks5 proxy of the VPS server `127.0.0.1:1080`.


### Reverse portfwd
- In your VPS host
```
./ligolos -p 0.0.0.0:13389
```
- In controlled intranet host
```
> ligoloc. exe -s your-vps-ip:443 -t 127.0.0.1:3389
```
- After the connection is established successfully, the intranet host 127.0.0.1:3389 has been mapped to vps-ip:13389


### Options

*ligolos* options:

```
PS D:\xxx\bin> .\ligolos.exe -h
Usage of D:\xxx\ligolos.exe:
-cert string
The TLS server certificate,Unnecessary (default "cert.pem")
-key string
The TLS server key,Unnecessary (default "key.pem")
-l string
The relay server listening address (the connect-back address) (default "0.0.0.0:443")
-p string
The local socks5 server address or ip:port use to connect target (default "127.0.0.1:1080")
```

*ligoloc* options:

```
Usage of D:\XXX\ligoloc.exe:
-proxy string
Use proxy to connect ligolo server(e.g. http://user:[email protected]:8080 socks5://user:[email protected]:1080)
-s string
The ligolo server (the connect-back address)(e.g. 0.0.0.0:443)
-t string
The destination server (a 192.168.1.3:3389, 192.168.1.3:22, etc.) - when not specified, Ligolo starts a socks5 proxy server
```


### Compile

Refer to the compilation method of the original ligolo

## Features

- TLS 1.3 encrypted tunnel
- Multi-platform (Windows / Linux / Mac /...)
- Multiple connection multiplexing (1 TCP connection transmits all traffic)
- SOCKS5 proxy

## To Do

- Better timeout mechanism
- SOCKS5 UDP support
- mTLS mutual authentication
- Reverse port mapping (mapping intranet port to internet)

## Licensing

GNU General Public License v3.0 (refer to LICENSING).

## Original author

* Nicolas Chatelain <n.chatelain -at- sysdream.com>
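Review bot: The To Do list near the end of this new file still contains `Reverse port mapping (mapping intranet port to internet)`, although this commit documents that feature under "Reverse portfwd" and the README.md side of the same commit no longer lists it. Suggest dropping the item here too, and updating the introduction ("reverse Socks5 proxy tool") to mention port mapping as the Chinese README now does. The client example in "Reverse portfwd" also reads `ligoloc. exe` with a stray space, so it does not run as typed.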