# -*- coding: utf-8 -*-
# This is a simple Hello World Alexa Skill, built using
# the handler-classes approach of the skill builder.
import logging
import boto3
import os
from ask_sdk_core.skill_builder import SkillBuilder
from ask_sdk_core.dispatch_components import AbstractRequestHandler
from ask_sdk_core.dispatch_components import AbstractExceptionHandler
from ask_sdk_core.utils import is_request_type, is_intent_name
from ask_sdk_core.handler_input import HandlerInput
from ask_sdk_model.ui import SimpleCard
from ask_sdk_model import Response
# Module-level logger, set to INFO.
logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)

# Skill builder on which the request and exception handlers are registered.
sb = SkillBuilder()

# S3 bucket name, read from the Lambda environment variable "Bucket".
# A missing variable raises KeyError when the module is imported.
bucket = os.environ["Bucket"]

# File name given to the memory dump written on the target host.
raw_file = "windows-memory.raw"
class LaunchRequestHandler(AbstractRequestHandler):
    """Answer a LaunchRequest with a short greeting and keep the session open."""

    def can_handle(self, handler_input):
        # type: (HandlerInput) -> bool
        is_launch = is_request_type("LaunchRequest")
        return is_launch(handler_input)

    def handle(self, handler_input):
        # type: (HandlerInput) -> Response
        greeting = "Hello."
        builder = handler_input.response_builder
        card = SimpleCard("Hello World", greeting)
        # Speak the greeting, show it on a card, and leave the session open.
        builder.speak(greeting).set_card(card).set_should_end_session(False)
        return builder.response
class HelpIntentHandler(AbstractRequestHandler):
    """Answer AMAZON.HelpIntent with a usage hint that is also the reprompt."""

    def can_handle(self, handler_input):
        # type: (HandlerInput) -> bool
        is_help = is_intent_name("AMAZON.HelpIntent")
        return is_help(handler_input)

    def handle(self, handler_input):
        # type: (HandlerInput) -> Response
        hint = "You can say hello to me!"
        builder = handler_input.response_builder
        card = SimpleCard("Hello World", hint)
        # The same sentence is spoken, used as the reprompt, and shown on the card.
        builder.speak(hint).ask(hint).set_card(card)
        return builder.response
class CancelOrStopIntentHandler(AbstractRequestHandler):
    """Answer AMAZON.CancelIntent or AMAZON.StopIntent with a goodbye."""

    def can_handle(self, handler_input):
        # type: (HandlerInput) -> bool
        # Checked in the same order as before; the second check is skipped
        # when the first one already matches.
        if is_intent_name("AMAZON.CancelIntent")(handler_input):
            return True
        return is_intent_name("AMAZON.StopIntent")(handler_input)

    def handle(self, handler_input):
        # type: (HandlerInput) -> Response
        farewell = "Goodbye!"
        builder = handler_input.response_builder
        card = SimpleCard("Hello World", farewell)
        builder.speak(farewell).set_card(card)
        return builder.response
class FallbackIntentHandler(AbstractRequestHandler):
    """Answer AMAZON.FallbackIntent with a 'can't help' message and a reprompt."""

    def can_handle(self, handler_input):
        # type: (HandlerInput) -> bool
        is_fallback = is_intent_name("AMAZON.FallbackIntent")
        return is_fallback(handler_input)

    def handle(self, handler_input):
        # type: (HandlerInput) -> Response
        reprompt = "You can say hello!!"
        apology = (
            "The Hello World skill can't help you with that. "
            "You can say hello!!")
        builder = handler_input.response_builder
        builder.speak(apology).ask(reprompt)
        return builder.response
class SessionEndedRequestHandler(AbstractRequestHandler):
    """Handle SessionEndedRequest by returning the response without adding to it."""

    def can_handle(self, handler_input):
        # type: (HandlerInput) -> bool
        is_session_end = is_request_type("SessionEndedRequest")
        return is_session_end(handler_input)

    def handle(self, handler_input):
        # type: (HandlerInput) -> Response
        # Nothing is spoken or shown; the builder's response is returned as is.
        builder = handler_input.response_builder
        return builder.response
class CatchAllExceptionHandler(AbstractExceptionHandler):
    """Log any exception with its traceback and answer with a generic apology."""

    def can_handle(self, handler_input, exception):
        # type: (HandlerInput, Exception) -> bool
        # Accepts every exception, whatever its type.
        return True

    def handle(self, handler_input, exception):
        # type: (HandlerInput, Exception) -> Response
        # exc_info=True puts the traceback in the log record; the spoken
        # message contains no detail from the exception.
        logger.error(exception, exc_info=True)
        apology = "Sorry, there was some problem. Please try again!!"
        builder = handler_input.response_builder
        builder.speak(apology).ask(apology)
        return builder.response
###################################
### Custom Skill ####
### Capture Tim's Memory ####
###################################
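class CaptureMemoryIntentHandler(AbstractRequestHandler):
    """Start a memory acquisition on EC2 hosts whose Name tag matches the "server" slot."""

    def can_handle(self, handler_input):
        # type: (HandlerInput) -> bool
        return is_intent_name("CaptureMemoryIntent")(handler_input)

    def handle(self, handler_input):
        # type: (HandlerInput) -> Response
        """
        Send an SSM command to each running Windows instance whose Name tag
        matches the "server" slot (case-insensitive). The command downloads
        the memory dump exe from S3, runs it, and uploads the dump to the
        bucket's evidence/ prefix.

        send_command only submits the command, so the spoken confirmation
        means "requested", not "dump completed and uploaded". When several
        instances match, the spoken text reflects the last one processed.

        Errors from boto3 are not caught here; they propagate to the skill's
        exception handler.

        NOTE(review): no check of who is invoking the skill is visible in
        this handler. Confirm that access to the skill and the Lambda role's
        ssm:SendCommand permission are restricted to responders.
        """
        # Instances are looked up in this region, so the SSM command has to be
        # sent to the same region rather than the Lambda's default one.
        region = 'us-west-2'
        ec2 = boto3.resource('ec2', region_name=region)
        ssm_client = boto3.client('ssm', region_name=region)

        # The slot map, the slot itself, or its value can be missing when the
        # utterance did not carry a server name.
        slots = handler_input.request_envelope.request.intent.slots or {}
        server_slot = slots.get("server")
        server = server_slot.value if server_slot is not None else None

        speech_text = "Unable to locate server or servers."
        if server:
            wanted = server.lower()
            # instance.tags is None for untagged instances, hence the `or []`.
            matches = [
                instance for instance in ec2.instances.all()
                if any(tag["Key"] == "Name" and tag["Value"].lower() == wanted
                       for tag in (instance.tags or []))
            ]
            for instance in matches:
                if instance.state['Name'] != "running":
                    speech_text = f"{server} is offline."
                    continue
                if instance.platform != "windows":
                    speech_text = f"{server} is not a Window's hosts. Please see the next tutorial?"
                    continue

                # NOTE(review): the acquisition tool is executed as downloaded.
                # Consider verifying its digest against a pinned known-good
                # value before running it, and keep write access to the
                # tools/ prefix tightly restricted.
                # NOTE(review): every capture uploads to the same evidence key,
                # so a later capture replaces an earlier one unless the bucket
                # keeps versions; confirm versioning or object lock is enabled.
                commands = [f"aws s3 cp s3://{bucket}/tools/winpmem_1.6.2.exe C:\\Windows\\Temp",
                            "cd C:\\Windows\\Temp",
                            f".\\winpmem_1.6.2.exe {raw_file}",
                            f"aws s3 cp {raw_file} s3://{bucket}/evidence/"]
                resp = ssm_client.send_command(
                    DocumentName="AWS-RunPowerShellScript",
                    Parameters={'commands': commands},
                    InstanceIds=[instance.id])
                # Record the command id so the acquisition can be followed up
                # and tied to this request in the logs.
                logger.info("Memory capture command %s sent to instance %s",
                            resp.get("Command", {}).get("CommandId"), instance.id)
                speech_text = "Tim's memory has been captured?"

        handler_input.response_builder.speak(speech_text).set_card(
            SimpleCard("Hi", speech_text)).set_should_end_session(True)
        return handler_input.response_builder.response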
##################################
### Skillbuilder ####
##################################
# Request handlers are registered in this order: the stock Hello World
# handlers first, then the custom memory-capture handler.
for request_handler in (
        LaunchRequestHandler(),
        HelpIntentHandler(),
        CancelOrStopIntentHandler(),
        FallbackIntentHandler(),
        SessionEndedRequestHandler(),
        CaptureMemoryIntentHandler(),
):
    sb.add_request_handler(request_handler)

# One exception handler that accepts every exception.
sb.add_exception_handler(CatchAllExceptionHandler())

# Entry point for the Lambda function.
lambda_handler = sb.lambda_handler()