Skip to content

Commit

Permalink
implement local port redirect #15
Browse files Browse the repository at this point in the history
  • Loading branch information
NicoBBCha committed Dec 30, 2023
1 parent e74b23b commit f4d5e39
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 1 deletion.
25 changes: 25 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,9 @@ You use Ligolo-ng for your penetration tests? Did it help you pass a certificati
- [Using Let's Encrypt Autocert](#using-lets-encrypt-autocert)
- [Using your own TLS certificates](#using-your-own-tls-certificates)
- [Automatic self-signed certificates (NOT RECOMMENDED)](#automatic-self-signed-certificates-not-recommended)
- [Using Ligolo-ng](#using-ligolo-ng)
- [Agent Binding/Listening](#agent-bindinglistening)
- [Access to agent's local ports (127.0.0.1)](#access-to-agents-local-ports-127001)
- [Demo](#demo)
- [Does it require Administrator/root access ?](#does-it-require-administratorroot-access-)
- [Supported protocols/packets](#supported-protocolspackets)
Expand Down Expand Up @@ -256,6 +258,29 @@ You can view currently running listeners using the `listener_list` command and s
INFO[1505] Listener closed.
```

### Access to agent's local ports (127.0.0.1)

If you need to access the local ports of the currently connected agent, there's a "magic" IP hardcoded in Ligolo-ng: *240.0.0.1* ( This IP address is part of an unused IPv4 subnet).
If you query this IP address, Ligolo-ng will automatically redirect traffic to the agent's local IP address (127.0.0.1).

Example:

```
$ sudo ip route add 240.0.0.1/32 dev ligolo
$ nmap 240.0.0.1 -sV
Starting Nmap 7.93 ( https://nmap.org ) at 2023-12-30 22:17 CET
Nmap scan report for 240.0.0.1
Host is up (0.023s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
8000/tcp open http SimpleHTTPServer 0.6 (Python 3.9.2)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.16 seconds
```

## Demo


Expand Down
9 changes: 8 additions & 1 deletion pkg/proxy/netstack/handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,13 @@ func HandlePacket(nstack *stack.Stack, localConn TunConn, yamuxConn *yamux.Sessi

logrus.Debugf("Got packet source : %s - endpointID : %s:%d", endpointID.RemoteAddress, endpointID.LocalAddress, endpointID.LocalPort)

targetIp := endpointID.LocalAddress.String()
if endpointID.LocalAddress.String() == "240.0.0.1" {
logrus.Debug("MagicIP detected, redirecting to agent local machine")
// Magic IP detected
targetIp = "127.0.0.1"
}

yamuxConnectionSession, err := yamuxConn.Open()
if err != nil {
logrus.Error(err)
Expand All @@ -101,7 +108,7 @@ func HandlePacket(nstack *stack.Stack, localConn TunConn, yamuxConn *yamux.Sessi
connectPacket := protocol.ConnectRequestPacket{
Net: protonet,
Transport: prototransport,
Address: endpointID.LocalAddress.String(),
Address: targetIp,
Port: endpointID.LocalPort,
}

Expand Down

0 comments on commit f4d5e39

Please sign in to comment.