DO - Functions

tip

Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Basic Information

DigitalOcean Functions, also known as "DO Functions," is a serverless computing platform that lets you run code without having to worry about the underlying infrastructure. With DO Functions, you can write and deploy your code as "functions" that can be triggered via API, HTTP requests (if enabled) or cron. These functions are executed in a fully managed environment, so you don't need to worry about scaling, security, or maintenance.

In DO, to create a function you first need to create a namespace, which groups functions.
Inside the namespace you can then create a function.

Triggers

A function can always be triggered through the REST API (this is the method the CLI uses) by sending a request with an authentication token, like:

```bash
curl -X POST "https://faas-lon1-129376a7.doserverless.co/api/v1/namespaces/fn-c100c012-65bf-4040-1230-2183764b7c23/actions/functionname?blocking=true&result=true" \
  -H "Content-Type: application/json" \
  -H "Authorization: Basic MGU0NTczZGQtNjNiYS00MjZlLWI2YjctODk0N2MyYTA2NGQ4OkhwVEllQ2t4djNZN2x6YjJiRmFGc1FERXBySVlWa1lEbUxtRE1aRTludXA1UUNlU2VpV0ZGNjNqWnVhYVdrTFg="
```

To see how the doctl CLI tool obtains this token (so you can replicate it), the following command shows the complete network trace:

```bash
doctl serverless connect --trace
```
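
The Authorization header in the curl example is plain HTTP Basic, so the credential is only base64-encoded and anyone who can read a copy of the request (shell history, CI logs, pasted commands) can recover it. The scanner below is an added example, not part of the original page or of doctl: it assumes credentials have the shape of the sample header above (a UUID, a colon, then a long alphanumeric key), and its sample log, host name and tokens are constructed.

```python
import base64
import re

# Assumed credential shape, taken from the sample header on this page:
# base64("<uuid>:<alphanumeric key>"). The minimum key length is an assumption.
BASIC_RE = re.compile(r"Authorization:\s*Basic\s+([A-Za-z0-9+/]+={0,2})", re.I)
CRED_RE = re.compile(
    r"^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})"
    r":([A-Za-z0-9]{32,})$")


def find_function_credentials(text):
    """Return one finding per Basic header that decodes to '<uuid>:<key>'.
    The key is never returned, only its length and a short prefix."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in BASIC_RE.finditer(line):
            try:
                decoded = base64.b64decode(match.group(1), validate=True).decode("ascii")
            except ValueError:  # bad base64 or non-ASCII payload: not our format
                continue
            cred = CRED_RE.match(decoded)
            if cred:
                user, key = cred.groups()
                findings.append({"line": lineno, "user": user,
                                 "key_len": len(key), "key_prefix": key[:4] + "..."})
    return findings


def redact(text):
    """Replace every Basic token in text with a fixed marker before sharing it."""
    return BASIC_RE.sub("Authorization: Basic [REDACTED]", text)


# Constructed sample input (no real credentials): a CI log with one
# function-style credential and one unrelated Basic header.
FAKE_TOKEN = base64.b64encode(
    b"00000000-0000-4000-8000-000000000000:" + b"A" * 64).decode()
OTHER_TOKEN = base64.b64encode(b"alice:hunter2").decode()
SAMPLE_LOG = "\n".join([
    "+ curl -X POST https://faas-example.doserverless.co/api/v1/namespaces/fn-x/actions/f \\",
    f'    -H "Authorization: Basic {FAKE_TOKEN}"',
    f'+ curl -H "Authorization: Basic {OTHER_TOKEN}" https://example.internal/',
])

if __name__ == "__main__":
    for finding in find_function_credentials(SAMPLE_LOG):
        print(finding)
    print(redact(SAMPLE_LOG))
```
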

When the HTTP trigger is enabled, a web function can be invoked through these HTTP methods: GET, POST, PUT, PATCH, DELETE, HEAD and OPTIONS.

caution

In DO functions, environment variables cannot be encrypted (at the time of this writing).
I couldn't find any way to read them from the CLI, but from the console it's straightforward.

Function URLs look like this: https://<random>.doserverless.co/api/v1/web/<namespace-id>/default/<function-name>

Enumeration

```bash
# Namespace
doctl serverless namespaces list

# Functions (need to connect to a namespace)
doctl serverless connect
doctl serverless functions list
doctl serverless functions invoke <func-name>
doctl serverless functions get <func-name>

# Logs of executions
doctl serverless activations list
doctl serverless activations get <activation-id> # Get all the info about execution
doctl serverless activations logs <activation-id> # get only the logs of execution
doctl serverless activations result <activation-id> # get only the response result of execution

# I couldn't find any way to get the env variables from the CLI
```

caution

There is no metadata endpoint available from the Functions sandbox.