How Hackers Move Through Networks (with Ligolo)

John Hammond
17 Jan 2024 20:01

Summary

TL;DR: This video explains how hackers, including ethical hackers, use techniques like lateral movement to compromise multiple systems within a network. The focus is on pivoting through the DMZ to internal networks, using tools like Ligolo-ng. Ligolo-ng simplifies this process by enabling penetration testers to establish secure, encrypted tunnels with minimal setup. The tutorial walks through using Ligolo-ng on a Kali Linux setup to pivot from a compromised DMZ machine into an internal network, demonstrating how to scan for vulnerabilities and gain access to additional systems without complex configurations.

Takeaways

  • Hackers use lateral movement techniques to compromise additional computers once they've gained access to one device in a network.
  • Ethical hackers, also known as penetration testers, use similar techniques to access internal networks after compromising publicly accessible services like websites and email servers.
  • The DMZ (Demilitarized Zone) is a network area where publicly accessible servers sit between the internal network and the outside world, providing a pathway for attackers or ethical hackers to pivot into internal networks.
  • Pivoting is the key technique used to move from a compromised device (e.g., DMZ machine) into the internal network to access additional systems.
  • Ligolo-ng (Next Generation) is a powerful tool for penetration testers that allows easy network pivoting by setting up encrypted tunnels over reverse TCP or TLS connections.
  • Ligolo-ng is written in the Go programming language, which is known for its speed and ability to handle concurrency, making it ideal for pivoting tasks.
  • Ethical hackers can use Ligolo-ng without needing to set up complex proxy chains or configurations, as it simplifies the process of establishing tunnels between machines.
  • Ligolo-ng is cross-platform, meaning it can run on Linux, Windows, or macOS, which makes it versatile for use in various penetration testing environments.
  • To use Ligolo-ng, penetration testers need to create a tunnel interface on their attacking machine, start the Ligolo-ng proxy, and connect the agent on the compromised pivot machine.
  • With Ligolo-ng, once a connection is established between the attacker and pivot machine, the attacker can route traffic into the internal network and scan for open ports, access services, and even conduct further attacks.
  • Ligolo-ng enables easy reverse shell setups by using the pivot machine to funnel connections back to the attacker's machine without needing to configure port forwarding or other complex setups.

Q & A

  • What is lateral movement in network security?

    -Lateral movement refers to the technique used by hackers or ethical hackers to move across a network from one compromised system to another. Once a device is compromised, attackers use this technique to access other systems or data within the same network, often escalating privileges or bypassing security measures along the way.

  • What is the DMZ (Demilitarized Zone) in a network, and why is it important?

    -The DMZ is a subnet that acts as a buffer zone between a company's internal network and the outside world, often housing publicly accessible services like web servers or email systems. While these systems are accessible from the internet, they are isolated from the internal network, which enhances security. However, compromising a device in the DMZ can give attackers a way to pivot into the internal network.

  • What is pivoting, and why is it crucial for ethical hackers during penetration tests?

    -Pivoting is the technique of using a compromised system, like a server or computer in the DMZ, to gain access to the internal network. It's crucial for ethical hackers because it allows them to explore deeper network layers, identify vulnerabilities, and assess overall security by simulating the movement of a malicious attacker.

  • What tools are mentioned in the script for pivoting, and what do they do?

    -The tools mentioned in the script for pivoting include **Ligolo-ng**, **Chisel**, and **ProxyChains**. Ligolo-ng is a tool designed to simplify the process of creating tunnels for pivoting in penetration testing, enabling seamless access from a compromised system to internal networks. Chisel and ProxyChains also assist in creating reverse tunnels but may require more complex configurations.

  • How does Ligolo-ng help penetration testers bypass complex network configurations?

    -Ligolo-ng simplifies the process of creating encrypted tunnels for pivoting. It automates much of the setup, including SSL certificate generation, and eliminates the need for complex configurations such as setting up proxy chains or manually managing routes. This streamlines the process for penetration testers, making lateral movement through networks much more efficient.

  • Can Ligolo-ng be used on operating systems other than Linux?

    -Yes, Ligolo-ng is cross-platform, meaning it can be used on **Linux**, **Windows**, and **Mac** operating systems. This makes it highly versatile for ethical hackers or penetration testers working in diverse environments.

  • What is the significance of creating a new tunnel interface with Ligolo-ng?

    -Creating a new tunnel interface is crucial because it establishes the virtual network connection between the attacking machine and the pivot machine. The tunnel allows the attacker to route traffic through the compromised system and access the internal network, bypassing external security barriers like firewalls.

  • What is the role of certificates in Ligolo-ng, and how does it handle encrypted communication?

    -Ligolo-ng relies on certificates for encrypted communication between the attacker and the compromised machine. It can automatically obtain a certificate from Let's Encrypt, but if there's no internet access (as in a testing environment), the tool can use self-signed certificates. However, self-signed certificates are vulnerable to man-in-the-middle attacks, which is why they should only be used in controlled environments.

  • How does the attacker use Ligolo-ng to access an internal network after compromising a DMZ machine?

    -After compromising the DMZ machine, the attacker installs and configures the Ligolo-ng agent on it. By creating a tunnel interface and using Ligolo-ng's proxy program, the attacker can route traffic through the pivot machine into the internal network. The attacker can then scan the internal network, access services, or launch additional attacks without needing to configure proxy chains or other complex tools.

  • How does Ligolo-ng assist in setting up a reverse shell or accessing internal services from an internal network?

    -Ligolo-ng makes it easy to set up a reverse shell by allowing the attacker to configure the agent to listen for connections from internal machines. It can also forward ports from the internal network to the attacker's machine, allowing seamless access to internal services like RDP or SSH without the need for additional configuration or port forwarding.
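
From the defender's side, the pivot described above leaves a recognisable shape in flow logs: a DMZ server that normally only accepts connections opens a long-lived outbound session of its own, and while that session is up the same server starts touching many internal hosts and ports. The following is an added example, not code from the video or from the Ligolo-ng project; the subnets, allowlist, thresholds and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed layout and thresholds (assumptions, tune to the real network).
DMZ = ipaddress.ip_network("10.0.1.0/24")
INTERNAL = ipaddress.ip_network("10.0.2.0/24")
EGRESS_ALLOW = {ipaddress.ip_address("198.51.100.53")}  # approved resolver
MIN_TUNNEL_SECONDS = 600   # outbound session long enough to be a tunnel
MIN_FANOUT = 5             # distinct internal (host, port) pairs touched

# Constructed flow records: start_epoch src dst dst_port duration_seconds
SAMPLE_FLOWS = """\
1000 203.0.113.7 10.0.1.10 443 3
1010 10.0.1.10 198.51.100.53 53 1
1020 10.0.1.10 10.0.2.20 5432 900
1100 10.0.1.10 203.0.113.66 443 3600
1200 10.0.1.10 10.0.2.20 22 1
1201 10.0.1.10 10.0.2.20 445 1
1202 10.0.1.10 10.0.2.21 22 1
1203 10.0.1.10 10.0.2.21 3389 1
1204 10.0.1.10 10.0.2.22 80 1
1300 10.0.1.11 203.0.113.80 443 4
"""

def parse_flows(text):
    for line in text.splitlines():
        if not line.strip():
            continue
        start, src, dst, port, dur = line.split()
        yield (int(start), ipaddress.ip_address(src),
               ipaddress.ip_address(dst), int(port), int(dur))

def is_external(addr):
    return addr not in DMZ and addr not in INTERNAL and addr not in EGRESS_ALLOW

def find_pivot_candidates(text):
    """Flag DMZ hosts with a long outbound session plus internal fan-out."""
    flows = list(parse_flows(text))
    findings = []
    for start, src, dst, port, dur in flows:
        if src not in DMZ or not is_external(dst) or dur < MIN_TUNNEL_SECONDS:
            continue
        # Internal (host, port) pairs the same DMZ host touched while the session was open.
        touched = {(str(d), p) for s0, s, d, p, _ in flows
                   if s == src and d in INTERNAL and start <= s0 <= start + dur}
        if len(touched) >= MIN_FANOUT:
            findings.append({"pivot": str(src), "remote": f"{dst}:{port}",
                             "seconds": dur, "internal_targets": len(touched)})
    return findings

if __name__ == "__main__":
    for finding in find_pivot_candidates(SAMPLE_FLOWS):
        print(finding)
```

The check keys on direction, duration and fan-out rather than on a port number, so the web server's routine database connection and short outbound requests in the sample are not flagged.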
