ARES - PYTHON BOTNET AND BACKDOOR
Ares is made of two main programs:
- A Command aNd Control server, which is a Web interface to administer the agents
- An agent program, which is run on the compromised host, and ensures communication with the CNC
The client is a Python program meant to be compiled as a win32 executable using pyinstaller. It depends on the requests, pythoncom, pyhook python modules and on PIL(Python Imaging Library).
It currently supports:
- remote cmd.exe shell
- persistence
- file upload/download
- screenshot
- key logging
INSTALLATION
SERVER
To install the server, first create the sqlite database:cd server/
python db_init.py
If no installed, install the cherrypy python package.
Then launch the server by issuing: python server.py
By default, the server listens on http://localhost:8080
AGENT
The agent can be launched as a python script, but it is ultimately meant to be compiled as a win32 executable using pyinstaller.First, install all the dependencies:
- requests
- pythoncom
- pyhook
- PIL
SERVER_URL = URL of the CNC http server
BOT_ID = the (unique) name of the bot, leave empty to use hostname
DEBUG = should debug messages be printed to stdout ?
IDLE_TIME = time of inactivity before going in idle mode (the agent checks the CNC for commands far less often when idle).
REQUEST_INTERVAL = interval between each query to the CNC when active
Finally, use pyinstaller to compile the agent into a single exe file:
cd client/
pyinstaller --onefile --noconsole agent.py
Aucun commentaire:
Enregistrer un commentaire