DO - Functions

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

Basic Information

DigitalOcean Functions, pia inajulikana kama “DO Functions,” ni jukwaa la kompyuta lisilo na seva linalokuruhusu kukimbia msimbo bila kuwa na wasiwasi kuhusu miundombinu ya msingi. Pamoja na DO Functions, unaweza kuandika na kupeleka msimbo wako kama “functions” ambazo zinaweza kuanzishwa kupitia API, maombi ya HTTP (ikiwa imewezeshwa) au cron. Hizi functions zinafanywa katika mazingira yanayosimamiwa kikamilifu, hivyo huhitaji kuwa na wasiwasi kuhusu kupanua, usalama, au matengenezo.

Katika DO, ili kuunda function kwanza unahitaji kuunda namespace ambayo itakuwa ikikundi cha functions.
Ndani ya namespace unaweza kisha kuunda function.

Triggers

Njia ya kuanzisha function kupitia REST API (daima imewezeshwa, ndiyo njia ambayo cli inatumia) ni kwa kuanzisha ombi lenye token ya uthibitishaji kama:

curl -X POST "https://faas-lon1-129376a7.doserverless.co/api/v1/namespaces/fn-c100c012-65bf-4040-1230-2183764b7c23/actions/functionname?blocking=true&result=true" \
-H "Content-Type: application/json" \
-H "Authorization: Basic MGU0NTczZGQtNjNiYS00MjZlLWI2YjctODk0N2MyYTA2NGQ4OkhwVEllQ2t4djNZN2x6YjJiRmFGc1FERXBySVlWa1lEbUxtRE1aRTludXA1UUNlU2VpV0ZGNjNqWnVhYVdrTFg="

Ili kuona jinsi zana ya doctl cli inavyopata token hii (ili uweze kuiga), amri ifuatayo inaonyesha alama kamili ya mtandao:

doctl serverless connect --trace

Wakati kipimo cha HTTP kimewezeshwa, kazi ya wavuti inaweza kuitwa kupitia hizi mbinu za HTTP GET, POST, PUT, PATCH, DELETE, HEAD na OPTIONS.

Caution

Katika DO functions, mabadiliko ya mazingira hayawezi kufichwa (wakati wa kuandika hii).
Sikuweza kupata njia yoyote ya kuyasoma kutoka kwa CLI lakini kutoka kwenye console ni rahisi.

URLs za Functions zinaonekana kama hii: https://<random>.doserverless.co/api/v1/web/<namespace-id>/default/<function-name>

Enumeration

# Namespace
doctl serverless namespaces list

# Functions (need to connect to a namespace)
doctl serverless connect
doctl serverless functions list
doctl serverless functions invoke <func-name>
doctl serverless functions get <func-name>

# Logs of executions
doctl serverless activations list
doctl serverless activations get <activation-id> # Get all the info about execution
doctl serverless activations logs <activation-id> # get only the logs of execution
doctl serverless activations result <activation-id> # get only the response result of execution

# I couldn't find any way to get the env variables form the CLI

Caution

Hakuna endpoint ya metadata kutoka kwenye sandbox ya Functions.

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks