diff --git a/README.md b/README.md index 6a31399..adcdc3d 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,9 @@ You use Ligolo-ng for your penetration tests? Did it help you pass a certificati - [Using your own TLS certificates](#using-your-own-tls-certificates) - [Automatic self-signed certificates](#automatic-self-signed-certificates) - [Using Ligolo-ng](#using-ligolo-ng) + - [Start the agent](#start-the-agent) + - [Start the tunneling](#start-the-tunneling) + - [Setup routing](#setup-routing) - [Agent Binding/Listening](#agent-bindinglistening) - [Access to agent's local ports (127.0.0.1)](#access-to-agents-local-ports-127001) - [Agent as server (Bind)](#agent-as-server-bind) @@ -171,6 +174,7 @@ To ignore all security mechanisms, the `-ignore-cert` option can be used with th > Beware of man-in-the-middle attacks! This option should only be used in a test environment or for debugging purposes. ### Using Ligolo-ng +#### Start the agent Start the *agent* on your target (victim) computer (no privileges are required!): @@ -193,7 +197,19 @@ ligolo-ng » session ? Specify a session : 1 - nchatelain@nworkstation - XX.XX.XX.XX:38000 ``` -Display the network configuration of the agent using the `ifconfig` command: +#### Start the tunneling + +Start the tunnel on the proxy, using the `evil-cha` interface name. + +``` +[Agent : nchatelain@nworkstation] » tunnel_start --tun evil-cha +[Agent : nchatelain@nworkstation] » INFO[0690] Starting tunnel to nchatelain@nworkstation +``` +> On macOS, you need to specify a utun[0-9] device, like utun4. + +#### Setup routing + +First, display the network configuration of the agent using the `ifconfig` command: ``` [Agent : nchatelain@nworkstation] » ifconfig 
@@ -209,22 +225,21 @@ Display the network configuration of the agent using the `ifconfig` command: └──────────────┴──────────────────────────────┘ ``` -Add a route on the *proxy/relay* server to the *192.168.0.0/24* *agent* network. +Then setup routes accordingly. -*Linux*: +**Linux**: -**Using the terminal:** +*Using the terminal:* ```shell $ sudo ip route add 192.168.0.0/24 dev ligolo ``` -**Or using the Ligolo-ng (>= 0.6) cli:** +*Or using the Ligolo-ng (>= 0.6) cli:* ``` ligolo-ng » interface_add_route --name evil-cha --route 192.168.2.0/24 INFO[3206] Route created. ``` - -*Windows*: +**Windows**: ``` > netsh int ipv4 show interfaces @@ -235,20 +250,12 @@ Idx Mét MTU État Nom > route add 192.168.0.0 mask 255.255.255.0 0.0.0.0 if [THE INTERFACE IDX] ``` -Start the tunnel on the proxy, using the default `ligolo` interface name: +**macOS:** ``` -[Agent : nchatelain@nworkstation] » tunnel_start -[Agent : nchatelain@nworkstation] » INFO[0690] Starting tunnel to nchatelain@nworkstation -``` - -You can also specify a custom tuntap interface using the ``--tun iface`` option: - +$ sudo ifconfig utun4 alias [random_ip] 255.255.255.0 +$ sudo route add -net 192.168.2.0/24 interface utun4 ``` -[Agent : nchatelain@nworkstation] » tunnel_start --tun mycustomtuntap -[Agent : nchatelain@nworkstation] » INFO[0690] Starting tunnel to nchatelain@nworkstation -``` - You can now access the *192.168.0.0/24* *agent* network from the *proxy* server. diff --git a/pkg/proxy/netstack/tun/wireguard_darwin.go b/pkg/proxy/netstack/tun/wireguard_darwin.go new file mode 100644 index 0000000..c72cb89 --- /dev/null +++ b/pkg/proxy/netstack/tun/wireguard_darwin.go @@ -0,0 +1,3 @@ +package tun + +const offset = 4 diff --git a/pkg/proxy/netstack/tun/wireguard_ep.go b/pkg/proxy/netstack/tun/wireguard_ep.go index f2a5f8a..f5b5aa6 100644 --- a/pkg/proxy/netstack/tun/wireguard_ep.go +++ b/pkg/proxy/netstack/tun/wireguard_ep.go 
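Review bot: `offset` is introduced without a doc comment and, in this diff, only for darwin (here) and windows (wireguard_windows.go), while the shared wireguard_ep.go now references it unconditionally. If any other target compiles wireguard_ep.go and no further definition exists in package tun (none is visible here), that build stops compiling; a fallback file guarded by `//go:build !darwin && !windows` containing `const offset = 0` would cover it. A comment on each definition, such as `// offset is the number of bytes reserved in front of each packet for the tun device's own header.`, would explain why the values differ.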
@@ -53,8 +53,8 @@ func (m *RWEndpoint) Attach(dispatcher stack.NetworkDispatcher) {
 func (m *RWEndpoint) dispatchLoop() {
 for {
 packet := make([]byte, m.mtu)
-
- n, err := m.wgdev.Read(packet, 0)
+ // Complying with macOS bullshit - I bought a Mac Mini to solve this nonsense. @phocean you lied, it sucks
+ n, err := m.wgdev.Read(packet, offset)
 if err != nil {
 break
 }
@@ -62,16 +62,15 @@ func (m *RWEndpoint) dispatchLoop() {
 // Not sure why it happens, discard packet - https://github.com/nicocha30/ligolo-ng/issues/54
 continue
 }
-
 if !m.IsAttached() {
 continue
 }
 pkb := stack.NewPacketBuffer(stack.PacketBufferOptions{
- Payload: buffer.MakeWithData(packet[:n]),
+ Payload: buffer.MakeWithData(packet[offset : n+offset]),
 })
- switch header.IPVersion(packet) {
+ switch header.IPVersion(packet[offset:]) {
 case header.IPv4Version:
 m.dispatcher.DeliverNetworkPacket(header.IPv4ProtocolNumber, pkb)
 case header.IPv6Version:
@@ -103,7 +102,10 @@ func (m *RWEndpoint) WritePacket(pkt stack.PacketBufferPtr) tcpip.Error {
 pktBuf := pkt.ToBuffer()
 buf.Merge(&pktBuf)
- if _, err := m.wgdev.Write(buf.Flatten(), 0); err != nil {
+ // Complying with macOS bullshit
+ offsetBuf := make([]byte, offset)
+
+ if _, err := m.wgdev.Write(append(offsetBuf, buf.Flatten()...), offset); err != nil {
 return &tcpip.ErrInvalidEndpointState{}
 }
 return nil
diff --git a/pkg/proxy/netstack/tun/wireguard_windows.go b/pkg/proxy/netstack/tun/wireguard_windows.go
new file mode 100644
index 0000000..0d36697
--- /dev/null
+++ b/pkg/proxy/netstack/tun/wireguard_windows.go
@@ -0,0 +1,3 @@
+package tun
+
+const offset = 0
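Review bot: The read buffer in dispatchLoop is still allocated as `make([]byte, m.mtu)` although the payload now starts at `packet[offset:]`, so with the darwin value of 4 only m.mtu-4 bytes remain for the packet and a full-MTU packet would presumably be truncated or rejected by the device read. Sizing it as `packet := make([]byte, int(m.mtu)+offset)` (adjust the conversion to m.mtu's type, which is not visible here) keeps the whole MTU available; the same buffer feeds the `packet[offset : n+offset]` slice in the next hunk, which relies on n never exceeding that room. The added comment would serve maintainers better if it stated the reason, for example `// macOS utun prefixes each packet with a 4-byte header, so reads start at offset.` dispatchLoop continues outside this hunk.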
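Review bot: WritePacket now allocates `offsetBuf` and then has `append` allocate and copy a second time for every outgoing packet, including on builds where offset is 0 and no prefix is needed. With `flat := buf.Flatten()`, a single sized buffer does the same job: `out := make([]byte, offset+len(flat))` followed by `copy(out[offset:], flat)`, then `m.wgdev.Write(out, offset)`. The comment above it should say what the reserved bytes are for rather than only that macOS requires them. WritePacket begins outside this hunk.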