Aura Botnet – A Portable Botnet Framework with a Django-based C2 server

Comments Off on Aura Botnet – A Portable Botnet Framework with a Django-based C2 server
A super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell.

C2 Server

The botnet’s C2 server utilizes the Django framework as the backend. It is far from the most efficient web server, but this is offset by the following:

  • Django is extremely portable and therefore good for testing/educational purposes. The server and database are contained within the aura-server folder.
  • Django includes a very intuitive and powerful admin site that can be used for managing bots and commands
  • The server is only handling simple POST requests and returning text
  • Static files should be handled by a separate web server (local or remote) that excels in serving static files, such as nginx

The admin site located at http://your_server:server_port/admin can be accessed after setting up a superuser (see below).

Database

The C2 server is currently configured to use a SQLite3 database, bots.sqlite3. The current configuration can be changed in aura-server/aura/settings.py. You may wish to use MySQL, or even PostgreSQL instead; this easy to do thanks to Django’s portable database API.

Bot Clients

The primary client is written in C++, and can be compiled for either Linux or Windows using CMake. Alternate clients are written in Rust, Bash, and Powershell, but are may lack certain functionality as they are mostly unsupported. I will fix any major bugs that come to my attention, but they will continue to lack certain features for the time being, such as running commands in different shells.

The client will gather relevant system information and send it to the C2 server to register the new bot. Identification is done by initially creating a file containing random data — referred to as the auth file throughout the code — which will then be hashed each time the client runs to identify the client and authenticate with the C2 server. It will then install all the files in the folder specified in the code, and initialize the system service or schedule a task with the same privileges that the client was run with. The default settings have the client and other files masquerading as configuration files.

Also read: Ares – Python Botnet and Backdoor

Getting Started: C2 Server

Read documentation here

Geting Started: Bot Clients

Read documentation here

Other Notes

Because this is for testing purposes, the C2 server needs to be hard-coded into client and web delivery files. It is currently set to localhost on all the files. This is because an actual botnet would use something like a domain generation algorithm (DGA) to sync a stream of changing domains on the client side with a stream of disposable domains being registered — or just really bulletproof hosting like the original Mirai botnet.

The code is also not obfuscated nor is there any effort put toward preventing reverse engineering; this would defeat the purpose of being a botnet for testing and demonstrations.

The killswitch folder contains scripts for easy client removal when testing on your devices.

You can read more about the developer and Aura botnet here – https://github.com/watersalesman/aura-botnet

Related Articles

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
Live Chat
RESOURCES
Get Started
TOOLBOX
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook
Twitter
Google-plus
Wordpress