HackTricks CloudDO - Functions
Reading time: 3 minutes
tip
Jifunze na fanya mazoezi ya AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: 
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.
Basic Information
DigitalOcean Functions, pia inajulikana kama "DO Functions," ni jukwaa la kompyuta lisilo na seva linalokuruhusu kukimbia msimbo bila kuwa na wasiwasi kuhusu miundombinu ya msingi. Pamoja na DO Functions, unaweza kuandika na kupeleka msimbo wako kama "functions" ambazo zinaweza kuanzishwa kupitia API, maombi ya HTTP (ikiwa imewezeshwa) au cron. Hizi functions zinafanywa katika mazingira yanayosimamiwa kikamilifu, hivyo huhitaji kuwa na wasiwasi kuhusu kupanua, usalama, au matengenezo.
Katika DO, ili kuunda function kwanza unahitaji kuunda namespace ambayo itakuwa ikikundi cha functions.
Ndani ya namespace unaweza kisha kuunda function.
Triggers
Njia ya kuanzisha function kupitia REST API (daima imewezeshwa, ndiyo njia ambayo cli inatumia) ni kwa kuanzisha ombi lenye token ya uthibitishaji kama:
curl -X POST "https://faas-lon1-129376a7.doserverless.co/api/v1/namespaces/fn-c100c012-65bf-4040-1230-2183764b7c23/actions/functionname?blocking=true&result=true" \
-H "Content-Type: application/json" \
-H "Authorization: Basic MGU0NTczZGQtNjNiYS00MjZlLWI2YjctODk0N2MyYTA2NGQ4OkhwVEllQ2t4djNZN2x6YjJiRmFGc1FERXBySVlWa1lEbUxtRE1aRTludXA1UUNlU2VpV0ZGNjNqWnVhYVdrTFg="
Ili kuona jinsi zana ya doctl cli inavyopata token hii (ili uweze kuiga), amri ifuatayo inaonyesha alama kamili ya mtandao:
doctl serverless connect --trace
Wakati kipimo cha HTTP kimewezeshwa, kazi ya wavuti inaweza kuitwa kupitia hizi mbinu za HTTP GET, POST, PUT, PATCH, DELETE, HEAD na OPTIONS.
caution
Katika DO functions, mabadiliko ya mazingira hayawezi kufichwa (wakati wa kuandika hii).
Sikuweza kupata njia yoyote ya kuyasoma kutoka kwa CLI lakini kutoka kwenye console ni rahisi.
URLs za Functions zinaonekana kama hii: https://<random>.doserverless.co/api/v1/web/<namespace-id>/default/<function-name>
Enumeration
# Namespace
doctl serverless namespaces list
# Functions (need to connect to a namespace)
doctl serverless connect
doctl serverless functions list
doctl serverless functions invoke <func-name>
doctl serverless functions get <func-name>
# Logs of executions
doctl serverless activations list
doctl serverless activations get <activation-id> # Get all the info about execution
doctl serverless activations logs <activation-id> # get only the logs of execution
doctl serverless activations result <activation-id> # get only the response result of execution
# I couldn't find any way to get the env variables form the CLI
caution
Hakuna endpoint ya metadata kutoka kwenye sandbox ya Functions.
tip
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.