DO - Functions
tip
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Basic Information
DigitalOcean Functions, also known as "DO Functions," is a serverless computing platform that lets you run code without having to worry about the underlying infrastructure. With DO Functions, you can write and deploy your code as "functions" that can be triggered via API, HTTP requests (if enabled) or cron. These functions are executed in a fully managed environment, so you don't need to worry about scaling, security, or maintenance.
In DO, to create a function you first need to create a namespace, which groups functions.
Inside the namespace you can then create a function.
Triggers
A function can always be triggered via the REST API (this is the method the CLI uses) by sending a request with an authentication token, like:
curl -X POST "https://faas-lon1-129376a7.doserverless.co/api/v1/namespaces/fn-c100c012-65bf-4040-1230-2183764b7c23/actions/functionname?blocking=true&result=true" \
-H "Content-Type: application/json" \
-H "Authorization: Basic MGU0NTczZGQtNjNiYS00MjZlLWI2YjctODk0N2MyYTA2NGQ4OkhwVEllQ2t4djNZN2x6YjJiRmFGc1FERXBySVlWa1lEbUxtRE1aRTludXA1UUNlU2VpV0ZGNjNqWnVhYVdrTFg="
To see how the doctl CLI tool obtains this token (so you can replicate it), the following command shows the complete network trace:
doctl serverless connect --trace
When the HTTP trigger is enabled, a web function can be invoked through these HTTP methods: GET, POST, PUT, PATCH, DELETE, HEAD and OPTIONS.
caution
In DO functions, environment variables cannot be encrypted (at the time of this writing).
I couldn't find any way to read them from the CLI, but from the console it's straightforward.
Functions URLs look like this: https://<random>.doserverless.co/api/v1/web/<namespace-id>/default/<function-name>
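The two URL shapes in this section (the token-authenticated REST API path and the web function path) can be used to audit shell history, CI logs or scripts for function endpoints and embedded Basic credentials. This is an added example, not part of the original page; the names audit and redact and all sample values (host, namespace, key) are constructed placeholders.

```python
import base64
import re

# Both URL shapes shown on this page (host label and IDs vary per deployment).
API_RE = re.compile(r"https://[\w-]+\.doserverless\.co/api/v1/namespaces/(?P<ns>[\w-]+)/actions/(?P<fn>[\w./-]+)")
WEB_RE = re.compile(r"https://[\w-]+\.doserverless\.co/api/v1/web/(?P<ns>[\w-]+)/default/(?P<fn>[\w.-]+)")
BASIC_RE = re.compile(r"(Authorization:\s*Basic\s+)([A-Za-z0-9+/]{16,}={0,2})")


def redact(line):
    """Replace a Basic credential with its user-id part only (the secret is dropped)."""
    def _sub(m):
        try:
            decoded = base64.b64decode(m.group(2), validate=True).decode()
        except ValueError:  # bad base64 or non-UTF-8 payload
            decoded = ""
        user, sep, _secret = decoded.partition(":")  # Basic auth is base64("id:secret")
        return f"{m.group(1)}<redacted id={user if sep else '?'}>"
    return BASIC_RE.sub(_sub, line)


def audit(text):
    """Return one finding per function endpoint or Basic credential found in text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for kind, rx in (("rest-api", API_RE), ("web", WEB_RE)):
            for m in rx.finditer(line):
                findings.append({"line": n, "kind": kind,
                                 "namespace": m["ns"], "function": m["fn"]})
        if BASIC_RE.search(line):
            findings.append({"line": n, "kind": "basic-credential",
                             "redacted": redact(line)})
    return findings


# Constructed sample input: placeholder host, namespace and key, not real values.
SAMPLE_TOKEN = base64.b64encode(b"00000000-0000-0000-0000-000000000000:EXAMPLE-KEY-NOT-REAL").decode()
SAMPLE = "\n".join([
    'curl -X POST "https://faas-xxx1-00000000.doserverless.co/api/v1/namespaces/fn-00000000/actions/hello?blocking=true" \\',
    f'  -H "Authorization: Basic {SAMPLE_TOKEN}"',
    "curl https://faas-xxx1-00000000.doserverless.co/api/v1/web/fn-00000000/default/hello",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A "web" finding is an endpoint that is called without the Authorization header, so each one is worth checking against what the function is meant to expose; a "basic-credential" finding means the namespace key is stored in clear text wherever the scanned text came from.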
Enumeration
# Namespace
doctl serverless namespaces list
# Functions (need to connect to a namespace)
doctl serverless connect
doctl serverless functions list
doctl serverless functions invoke <func-name>
doctl serverless functions get <func-name>
# Logs of executions
doctl serverless activations list
doctl serverless activations get <activation-id> # Get all the info about execution
doctl serverless activations logs <activation-id> # get only the logs of execution
doctl serverless activations result <activation-id> # get only the response result of execution
# I couldn't find any way to get the env variables from the CLI
caution
There is no metadata endpoint reachable from the Functions sandbox.