Abstract

Bot herders deploy Command and Control (C&C) panels to command infected hosts on the Internet and to collect the data exfiltrated from them. To protect these panels, bot herders deploy several built-in (software-centric) protection mechanisms that restrict direct access to them. However, there are fundamental mistakes in the design and deployment of these C&C panels that can be exploited to take complete control. This talk discusses the methodology of launching reverse attacks on centralized C&C panels to derive intelligence that can be used to build automated solutions. This research reveals how to detect vulnerabilities and configuration flaws in remote C&C panels and exploit them by following the path of penetration testing. The talk is derived from real-time research in which several C&C panels were targeted and intelligence was gathered to attack the next set of C&C panels. A number of case studies will be discussed to elaborate the step-by-step process of attacking and compromising C&C panels. The talk also demonstrates the use of automated tools authored to make testing easier for researchers.