How Hackers Move Through Networks (with Ligolo)

Рет қаралды 249,006

4 ай бұрын

jh.live/vanta || Prove your security compliance with Vanta! Get $1,000 off with my link: jh.live/vanta
The Pivoting Lab SnapLabs template: jh.live/pivoting
Free Cybersecurity Education and Ethical Hacking with John Hammond
📧 JOIN MY NEWSLETTER ➡ jh.live/email
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥 KZbin ALGORITHM ➡ Like, Comment, & Subscribe!

Пікірлер: 188

@_JohnHammond 3 ай бұрын

Sorry, I just added the Pivoting Lab SnapLabs template link now: jh.live/pivoting Thanks for watching and all your support! (and psst, check out Vanta! jh.live/vanta )

@flan701 Ай бұрын

Is this template still accessible? I am unable to reach it on SnapLabs. Just gives me "network error" when trying to open it.

@brandhark7935 3 ай бұрын

Just did this pivoting and hacked my local police department and they loved it! They even offered me a free room with free toilet and nice orange clothes! Life is good!

@WolfIonGaming 3 ай бұрын

😂

@darrylwest3106 3 ай бұрын

Lmao good one!

@Sasquatchbones 3 ай бұрын

Master life hack 🙌🏼

@ruslanbedoev9264 3 ай бұрын

hahah😂😂

@2rx_bni 3 ай бұрын

😂😂😂

@KevlarSlap 3 ай бұрын

In my experience, servers in a DMZ don't have a second interface on an internal subnet- that defeats the purpose of the DMZ.

@F0rc3Tv 3 ай бұрын

im so glad i learned how to use ligolo before doing the CPTS exam. passed on the exam in august on the first attempt

@MalwareCube 3 ай бұрын

Ligolo is killer for the OSCP Active Directory set. 🎉

@Michael_Jackson187 3 ай бұрын

They let you use tools on the Oscp?

@GodlyTank 3 ай бұрын

@@Michael_Jackson187 Oh yeah, just not any auto exploit tools. So avoid metasploit framework auto-exploits, sqlmap, but you can still use msfvenom (I faded it for a while and have had a few boxes where I couldn't get any of my reverse shells to work without it

@eli_the_crypto_guy 3 ай бұрын

@@Michael_Jackson187Check rules of engagement, some tools amd techmiques are not allowed, like Metasploit attack modules

@DarkDonnieMarco 2 ай бұрын

@@Michael_Jackson187no you have to do the entire OSCP in assembly.

@BlizzetaNet 3 ай бұрын

I love how you've grown into cybersecurity. I'm very rusty and think your videos are helping eliminate that rust.

@KenPryor 3 ай бұрын

This is so cool! It would be very interesting to do a forensic exam on the pivot machine to see what signs are left behind by Ligolo activity. Great video!

@deebee201 Ай бұрын

Please pontificate on this subject with some particulars. I am almost finished with my digital forensics cert, and I want to understand all of the practical scenarios I can. TY

@PrinceJohn84 3 ай бұрын

Anybody putting servers in a DMZ with interfaces that reside in completely different networks probably needs a recap on exactly what a DMZ is for.

@pimpnosimpg5416 2 ай бұрын

Can u explain pls?

@deebee201 Ай бұрын

Right! Thank you! I know he has more experience than me, but I was like no bueno hombre.

@forty4seven46 Ай бұрын

@@pimpnosimpg5416 Certainly! When setting up a DMZ, the goal is to isolate publicly accessible servers from the internal network to enhance security. Typically, servers in a DMZ have interfaces connected to both the external (untrusted) network and the internal (trusted) network. This setup allows external users to access services like web servers or email servers while keeping them separated from sensitive internal resources. However, if servers in a DMZ have interfaces connected to completely different networks, it could indicate a misunderstanding of how to properly configure a DMZ. The purpose of a DMZ is to create a buffer zone between the internet and the internal network, ensuring that any security breaches or attacks targeting public-facing services are contained and don't compromise internal systems. Placing servers with interfaces in different networks within a DMZ could create confusion and potentially undermine the intended security benefits of the DMZ architecture.

@lilp4p1 3 ай бұрын

All of that is automated with the havoc-ligolo module as well! Cool video ^^

@MoveTrueRecords_ 3 ай бұрын

this is super clean content now i love it. Love the examples shown

@MrHasooooni 3 ай бұрын

this tool would make the job a lot easier thank you for the demo man keep up the good work much love from Saudia Arabia

@danieltran7637 3 ай бұрын

Thank you so much John for sharing, all that super useful knowledge with us. I realy enjoying watching your videos. 👍

@ulyssesfister3735 3 ай бұрын

easy to understand, thanks John. Nifty piece of software

@BillHeng 29 күн бұрын

I just learnt about this tool a few weeks back for my OSCP prep. looking forward to using it in my exam soon

@0xnightfury 3 ай бұрын

John's background looks dope !! wow

@berthold9582 3 ай бұрын

I wonder how anyone can provide such exciting content. There are no two like you sir

@ScottPlude 3 ай бұрын

the RED side of my brain loves ya. the BLUE side of my brain has constant headaches!

@maniakdemi3548 3 ай бұрын

Started using this tool yesterday... Hopefully, I'll get to understand it here

@hamidb75 3 ай бұрын

Great stuff, looking forward to test it out. Thanks

@s.hariharan6958 3 ай бұрын

Thank you John! 🙂

@aleckane99 3 ай бұрын

Can you make a video on protecting against this or simply show how to setup a detector for it? That would be sick. I had to subscribe after watching this demo, very well done!

@AlexandruMocanu 3 ай бұрын

A really good starting point is: if a machine is in the DMZ you should not add another Network to it (Hosts network in this case). It should not have multiple interfaces attached to other Networks than the DMZ. If the machine has multiple networks attaches no firewall can stop traffic

@btarg1 3 ай бұрын

This is so cool! Could you do some videos on initial access and bypassing windows defender too?

@angeatgr 3 ай бұрын

Thanks for all the content, again very nice video !

@JackOfAllThreatsMasterOfNone 3 ай бұрын

Thanks for making this tutorial

@0oNoiseo0 3 ай бұрын

Thank you John!

@l2xsniper1 3 ай бұрын

Wow awesome tool. Could you maybe do a follow up of some more complex scenario's?

@havoc_64 3 ай бұрын

Great Video!! Thanks for sharing this

@evodefense 3 ай бұрын

Great video and tools thanks!

@darkdagger032 3 ай бұрын

Great video, John!

@jonathanj3362 3 ай бұрын

Very cool and thanks for the video! Feedback: The multiple camera views of the video I am not the biggest fan of at this time. I feel more connected to the content when its the straight on camera angle where you are engaged with the viewers, when it switches seeing you looking in a different direction makes it feel disconnected from the content. If you plan on keeping the multiple angles personally I would like to see you engage the camera that is active. Appreciate all the new content you are producing! That is my .02.

@aadishm4793 3 ай бұрын

Great video, Keep it up 💪🎉🎉

@davidbl1981 3 ай бұрын

What is the CN of the let’s encrypt certificate? Perhaps you could easily traverse ligolo certificates via the certificate transparency database…

@mmgm 3 ай бұрын

Isn’t the certificate generated on the proxy side ie your kali box that does have internet? And then the TLS certificate can be verified offline by the agent

@InsanexBrain 3 ай бұрын

Where was this program when i took eCPPT? great video!!

@cyberdevil657 3 ай бұрын

Jesus John your content has improved soo much!!! We love you man :D

@nordgaren2358 3 ай бұрын

Thank you! It's a team effort. :)

@NimbleSF 3 ай бұрын

I literally just learned about this program after having trouble with chisel on my OSCP lol. Cannot wait to try it out.

@BlackwinghacksBlogspot 2 ай бұрын

How was the exam ?

@NimbleSF 2 ай бұрын

@@BlackwinghacksBlogspot Whooped my ass

@chathurangaonnet 3 ай бұрын

Can we still use this in network client isolation network ? I mean if the access restricted network withing the same vlan clients ?

@salemmusbah3676 3 ай бұрын

Thanks John Hammond more Tut like this plz

@jarrettgoh8920 Ай бұрын

This concept can be achieved with dynamic port forwarding with SSH too right? But just that it’s slower when running nmap scans?

@user-ii5xv7yd2e 3 ай бұрын

Sir , after completing bca course then what course should we take to fully completed cybersecurity or Ethical hacking

@jghuathuat 3 ай бұрын

would've like to see a double pivot.

@rationalbushcraft 3 ай бұрын

I would think most DMZs would block unnecessary ports to the inside. Am I missing something here?

@Youtupe69 3 ай бұрын

Its actually an outgoing connection from the dmz. It doesnt need an open port from the outside.

@rationalbushcraft 3 ай бұрын

@@Youtupe69 I get that but doesn’t it need ports between the Private and DMZ? At least whatever port it is using for the proxy connection.

@factorialandha5929 3 ай бұрын

@@rationalbushcraft if you set up your DMZ properly, you are correct, you would seriously limit and restrict access, most likely using an Internal firewall, so that your DMZ can only access the devices and servers it requires access to internally to function and also restrict any outbound traffic to the outside that isnt required. this does not completely remove the risk, it just reduces the scope of the attack and means the attacker may have to "pivot" a few times. Granted they can get the tunnel connected in the first instance.

@KevlarSlap 3 ай бұрын

@@factorialandha5929 I think the issue is that John is selling this as a way to move laterally without explaining further on how DMZs normally work. He says the devices in the DMZ can access the internal network when that's mostly untrue. DMZs are designed to have limited access to the internal network. This might confuse the many newbies watching his channel into thinking that all DMZs have unrestricted internal network access.

@janekmachnicki2593 3 ай бұрын

Awesome mate Thanks

@erglaligzda2265 3 ай бұрын

Is there a way to find out if agent has been installed on machine, for example ligolo agent? In case, AV cannot find anything...

@Team_VALHALLA69 3 ай бұрын

Hi John sir 👋 love from India 🇮🇳

@augustinemunene3469 3 ай бұрын

does this mean you will be able to access the subnet of the companies assuming they are using active directory

@WildDisease72 3 ай бұрын

Its easier to social engineer today directly to internal network via employee weakness (especially new people to country)

@Toxicbananaz007 3 ай бұрын

Could we get a link to the template of the cloud lab? I may just be blind but i couldnt find it

@haroldvelasquez9631 3 ай бұрын

Wow this is awesome!! I will try to make it work on the pivoting labs of HTB. Hope this makes it easier. A video like this pivoting and double pivoting on windows environments will be really cool

@architvats2633 Ай бұрын

You're simply the best

@brettnieman3453 3 ай бұрын

Good stuff. Hopefully it doesn't get popped by EDR soon.

@andreighita8762 3 ай бұрын

What keyboard are you using?

@vpswede98 3 ай бұрын

9:00 John, what did you mean that selfsigned certificates are vulnerable for man in the middle attacks? I ofcourse might be wrong, but the encryption doesn't change (aslong as you do it correctly) only that there is no CA. And pretty much only case where this would be an issue would be in a externally communicating website, but for internal traffic, i dont see the issue with running selfsigned?

@nekkrokvlt 3 ай бұрын

Because MiTM uses self signed cert as well, so if you tell ligolo to accept self-signed cert, there's no way to know if it is the self signed from from the ligolo device, or someone doing MiTM.

@vpswede98 3 ай бұрын

@@nekkrokvlt ahh so it’s not a diss on self signed certs in general but only in the way that ligolo gets a hold of its cert. Thanks for the response

@berndeckenfels 3 ай бұрын

If you use a self signed cert AND verify its fingerprint, it’s actually safer than trusting a thirdparty. It’s just less convenient (ligolo could make it more convenient by pasting the fingerprint to accept) so this step is often skipped. However, do you fear you get hacked as a hacker? ,)

@ERICHOEHNINGER 3 ай бұрын

Is it just me who doesn't like the vision mixer(camera transition) ?😅

@infohazard 3 ай бұрын

yes a bit strange

@codingpandas 3 ай бұрын

Hey john, you are one of the best and i have been learning from you from the last three years.. but hey did anyone tell you you look alot like that footballer Kevin De Bruyne

@safelinkit 2 ай бұрын

Bye bye Proxychains. Gonna use that fro my PNPT exam in 2 weeks. Quick test in my home lab worked flawlessly with your tutorial (well - the agent does get picked up by Defender, but for the purpose of exam-prep I deactivated it in my lab)

@dm3035 3 ай бұрын

💥EXCELLENT VIDEO - GREAT SKILLS SHARING - MUST WATCH - THANK YOU 💥

@jayrockjunk 2 ай бұрын

These always start with, "let's assume we already obtained access to this host". That's the hard part. Everything else is easy.

@user-zt6cp3xp3v 3 ай бұрын

Thanks Sir$

@kooroshsanaei 3 ай бұрын

Wow -Prefect WHy Don't KZbin Give you a strike !?

@itsksujan 3 ай бұрын

where is the link to the cloud lab ?

@umarniazafridi 3 ай бұрын

❤ love your videos ❤❤

@pgriggs2112 3 ай бұрын

Oh, don’t advocate for “real” certs. That’s evidence! Self-signed cert is perfect for this application.

@chaxiraxi_ytb 3 ай бұрын

Explaining what Kali is and what is a "cross-platform" software while presenting a network pivoting tool for advanced pentesters is killing me

@rob-890 3 ай бұрын

Gotta fill the time

@aunghtoomyat9481 3 ай бұрын

Yo I cannot seem to find the premade template.

@NimbleSF 3 ай бұрын

I tried using the autocert but it seems to have an issue. "yamux: Failed to write header: acme/autocert: missing server name ERRO[0151] could not register agent, error: session shutdown". For the purposes of taking exams and stuff though, this is super awesome, don't need real certs.

@zer001 3 ай бұрын

Nice Video. But in my opinion it is a little to hectic. The cuts look cool, but they are a bit confusing.

@vnit4security Ай бұрын

Very nice

@stamdar1 3 ай бұрын

1:38 "links below" Never once has anyone on this platform delivered on that promise

@quentin7343 2 ай бұрын

Brilliant pedagogy

@deebee201 Ай бұрын

Hey quentin, it has been a while since somebody used verbiage that I had to look up on You Tube. Well said, beautiful nomenclature sir. This will be something I will use. Well spoken, if you don't mind, drop some more knowledge. I am thirsty for smart human interaction.

@Alwso 2 ай бұрын

So you should have a machine in DMZ to get it works

@KanjiasDev 3 ай бұрын

I guess you could also use that as a quick and dirty solution to create bridges to fix problems with NATed networks, right? 😅

@ernestoditerribile 2 ай бұрын

Aarch64 if you compile all Kali apps directly in MacOS or Fedora Asahi Linux. Off course Kali is easier, because of all the built in tools, but it’s way faster when you compile it natively.

@relevant3329 3 ай бұрын

I like this new version videos

@TonyAsh-rp6fp 3 ай бұрын

Thanks john, I have downloaded adn installed it but you are realy fast explaining. Dont get all how to do properly. May be this video is for intro but if you have time please show us the complete tutorial like attacker machine ---> compromised machine --> then from pivoting how to do just for beginners. I am newbie. Many thanks in advance. Love your previous contents.

@user-hd3pz2ow1b 2 ай бұрын

13:31 defense ideas to defeat ligolo .. the ping command can be changed in linux .. our defensive code files first runs a script then runs ping .. so when malware runs ping runs our defensive script and then parse the malware script and block the ip addresses in malware .. .. futher upload ip to SOC and block in protected networks

@Thuja814 3 ай бұрын

I’m not a computer expert, Jack Rhysider warped my brain so I listen to videos like this to relax at bedtime

@BurtMacklin947 3 ай бұрын

Lol exactly the same happened to me, now a few years later I'm working as a pentester. Thanks Jack 🤣

@bigdaddy5303 3 ай бұрын

Jesus 1 million subs and now we see john for multiple angles in real time

@AGASTRONICS 3 ай бұрын

Cool Video 📼 How I wish these tools were not honeypots developed by Blue Team or the Government 😅 😡🙂😄 Just stick with the tradition 🤗 you what I mean. Cool video Thanks 🎉

@rodrod3398 7 күн бұрын

anyone facing this in double pivor ? error: a tunnel is already using this interface name. Please use a different name using the --tun option

@criteriumprovidus4360 3 ай бұрын

Yeay! Great Ligolo !!! oh wait most computers in a network don't have two NICs unless is a server and servers don't get malware from users clicking an email. So this means that Ligolo CAN"T move laterally. Damn too bad. Too much fanfare for things that almost never happen. Please tell me that I'm wrong!

@robyee3325 3 ай бұрын

So how do you protect against this attack?

@berndeckenfels 3 ай бұрын

You can watch for untrusted binaries, filter egress ports and of course don’t give attackers shell on your hosts.

@robyee3325 3 ай бұрын

@@berndeckenfels Thank you for not trolling!

@wrathofainz 3 ай бұрын

Credit for the background music in the beginning goes to... ? ??

@swilson42 Ай бұрын

Hey look, if someone sets up a server with two interfaces, one with a public IP and one with a private IP on a production internal LAN, AND they kindly let me install my hacking tool (or maybe just happen to have an unpatched vulnerability), AND they don’t use any firewall rules to limit access either on the public or private interfaces, AND they don’t use any endpoint protection tools, AND they don’t use any traffic inspections tools, it’s SO easy to hack them! /s Yeah this isn’t remotely how a DMZ is set up. For sure there are sloppy admins who have servers bridging public and private networks like this, but that’s not called a DMZ, that’s called an invitation to the Target and Equifax awards and breaching them would likely be far easier than using a fancy pivot tool like this. They probably have 3389 wide open so you can RDP right onto their server with a guest account like it’s 1999. New video title: Compromising networks with no security.

@hehefer 3 ай бұрын

wow john i love u more than i love myself

@umarniazafridi 3 ай бұрын

Make videos on bug bounty.

@ryanstricklin198 3 ай бұрын

You should really look into investing into a teleprompter so that you don't have to keep looking off the camera, in order to keep the audience engaged. Good work!

@HellHound___0 3 ай бұрын

Nice

@clementanguandia104 3 ай бұрын

Windows will flag ligolo as malicious soon ;p

@nathanielsmith2918 3 ай бұрын

Anytime you open up a web page on my screen it got all garbage and pixelated like. But no the sponsors Segway worked fine...

@caglayagmurr 2 ай бұрын

i read ligolo as gigolo i need sleep ☠☠☠

@user-hd3pz2ow1b 2 ай бұрын

nice

@JontheRippa Ай бұрын

Wow 😮 👍👍👍

@LionBrine 3 ай бұрын

Ligolo mentioned RAHHHHH

@snudget 3 ай бұрын

"ligolo-ng can work on any machine. Linux, Windows and Mac" Imagine a company using Macs as their servers 💀

@georgehammond867 3 ай бұрын

this thing is very dangerous program!

@steelsteez6118 3 ай бұрын

00:24 I can see your eyes reading off of a script!! CHEATER!! I thought you were a knowledge BEAST that knew all this from the top of his head when explaining it!!! How dare you prepare such a well prepared video with high production quality!!