Teri Radichel

.NET AWS Lambda Function

I haven’t used .NET in a couple of years but a lot of pen testers are using it more now so thought I’d give it another look. Might come in handy. :) Also checking out how it works for my upcoming talk at RSA 2020 on Serverless Attack Vectors.

Install .NET SDK (CLI) on AWS EC2 Instance

The first thing I tried to do is to write it from scratch without .NET tools, but it was a pain. .NET generates a bunch of files required for a project that I forgot about. I got errors like this one.

{
  "errorType": "LambdaException",
  "errorMessage": "Could not find the required 'LambdaTest.deps.json'.  This file should be present at the root of the deployment package."
}

I didn’t want more tools on my local machine so for a quick test I installed it on an AWS EC2 instance.

sudo rpm -Uvh https://packages.microsoft.com/config/centos/7/packages-microsoft-prod.rpm
sudo yum install dotnet-sdk-3.1

Simple AWS .NET Lambda Test

Once I got over my aversion to installing a bunch of different tools to do a simple thing, I followed an AWS tutorial but hit a couple of glitches so posting this list of steps to help anyone else who had the same problems.

1. On your EC2 instance, install the Lambda templates from NuGet using the .NET CLI you just installed.

dotnet new -i Amazon.Lambda.Templates

2. Run the command to create the code for your .NET Lambda function. I named my function 2ndSightLabTest.

dotnet new lambda.EmptyFunction --name 2ndSightLabTest

3. Have a look at the files that were created.

4. Install the Amazon Lambda tools

dotnet tool install -g Amazon.Lambda.Tools

5. Update the Amazon Lambda tools

dotnet tool update -g Amazon.Lambda.Tools

6. Type exit to end your EC2 session.

7. Reconnect to your instance. Tip: Use the history command. Then ![#].

8. Navigate to the following function src directory.

cd ~/2ndSightLabTest/src/2ndSightLabTest

9. Run an ls command to make sure you see the .csproj file.

10. Deploy the function.

dotnet lambda deploy-function 2ndSightLabTest

11. Choose the option to Create new IAM Role. Option 2 in my case.

12. Enter a name for your role.

13. Enter the number of the role you want to use. For this test I chose 1**.

** Security best practice is to choose a role with the least permissions you need.

14. Run a command to test the lambda function.

dotnet lambda invoke-function 2ndSightLabTest --payload "Testing...1...2...3...Testing"

Cool. It worked.

15. Check the lambda function in the console.

16. Click on the lambda function.

Tip: Click the arrow next to designer to hide it. Does anyone use that?

17. You can see information about the code, but can’t view it in the console.

18. Click Monitoring. Hmm, I don’t see my invocation?

19. Click View Logs in CloudWatch. Click the log stream.

Note that so far my invocation has not appeared. It seems to take a while.

20. Return to the function and click Test.

21. Change the key name to payload and the value to whatever you want.

22. Scroll down and click Create.

23. Click Test again.

Oops. There’s an error.

Since we know the .NET Lambda function works on the command line, I presume this is an AWS Console bug.

{
  "errorType": "JsonSerializerException",
  "errorMessage": "Error converting the Lambda event JSON payload to a string. JSON strings must be quoted, for example \"Hello World\" in order to be converted to a string: Unexpected character encountered while parsing value: {. Path '', line 1, position 1.",
  "stackTrace": [
    "at Amazon.Lambda.Serialization.Json.JsonSerializer.Deserialize[T](Stream requestStream)",
    "at lambda_method(Closure , Stream , Stream , LambdaContextInternal )"
  ],
  "cause": {
    "errorType": "JsonReaderException",
    "errorMessage": "Unexpected character encountered while parsing value: {. Path '', line 1, position 1.",
    "stackTrace": [
      "at Newtonsoft.Json.JsonTextReader.ReadStringValue(ReadType readType)",
      "at Newtonsoft.Json.JsonTextReader.ReadAsString()",
      "at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.ReadForType(JsonReader reader, JsonContract contract, Boolean hasConverter)",
      "at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)",
      "at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)",
      "at Newtonsoft.Json.JsonSerializer.Deserialize[T](JsonReader reader)",
      "at Amazon.Lambda.Serialization.Json.JsonSerializer.Deserialize[T](Stream requestStream)"
    ]
  }
}

Side Note: Oracle is dropping serialization due to all the security problems it causes. https://www.infoworld.com/article/3275924/oracle-plans-to-dump-risky-java-serialization.html

Be careful with deserialization of untrusted data: https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data

24. Go back to Monitoring. Now stats exist.

25. Now entries exist in the logs showing the errors.

That’s it for this simple test. If you’re a .NET developer you might want to consider other options such as using VS Code, but be careful where you store and transmit your AWS credentials.
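For steps 11 to 13 and the least-permissions footnote, here is an added example (not from the original post) that creates an execution role limited to writing the function's own CloudWatch logs and deploys with it. REGION, ACCOUNT_ID (a placeholder) and ROLE_NAME are assumptions; the script touches AWS only when run with the argument apply.

```shell
#!/bin/sh
# Added example, not from the original post. REGION, ACCOUNT_ID and ROLE_NAME
# are assumptions; 111122223333 is a placeholder account id.
set -eu

FUNCTION_NAME="2ndSightLabTest"            # function name used in the post
REGION="${REGION:-us-east-1}"
ACCOUNT_ID="${ACCOUNT_ID:-111122223333}"
ROLE_NAME="${ROLE_NAME:-${FUNCTION_NAME}-logs-only}"

# Trust policy: only the Lambda service may assume this role.
trust_policy() {
  cat <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Principal":{"Service":"lambda.amazonaws.com"},"Action":"sts:AssumeRole"}]}
EOF
}

# Permissions: create the log group, then write only to this function's group.
logs_policy() {
  logs_arn="arn:aws:logs:${REGION}:${ACCOUNT_ID}"
  cat <<EOF
{"Version":"2012-10-17","Statement":[
 {"Effect":"Allow","Action":"logs:CreateLogGroup","Resource":"${logs_arn}:*"},
 {"Effect":"Allow","Action":["logs:CreateLogStream","logs:PutLogEvents"],
  "Resource":"${logs_arn}:log-group:/aws/lambda/${FUNCTION_NAME}:*"}]}
EOF
}

# Succeeds (exit 0) if a policy document grants "*" or "service:*" actions.
has_wildcard_action() {
  printf '%s' "$1" | tr -d ' \t\n' |
    grep -Eq '"Action":(\[[^]]*)?"([A-Za-z0-9-]+:)?\*"'
}

# Create the role, attach the inline policy, deploy with that role.
apply() {
  if has_wildcard_action "$(logs_policy)"; then
    echo "refusing to attach a policy with wildcard actions" >&2; return 1
  fi
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)"
  aws iam put-role-policy --role-name "$ROLE_NAME" \
    --policy-name write-own-logs --policy-document "$(logs_policy)"
  dotnet lambda deploy-function "$FUNCTION_NAME" \
    --function-role "arn:aws:iam::${ACCOUNT_ID}:role/${ROLE_NAME}"
}

# Nothing touches AWS unless the script is run with the argument "apply".
if [ "${1:-}" = "apply" ]; then apply; fi
```

IAM changes are eventually consistent, so the deploy can fail if it runs immediately after the role is created; rerun the dotnet lambda deploy-function command if so.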

See references at the end.

Teri Radichel | © 2nd Sight Lab 2020

__________________

References:

AWS Tutorial:
