Ray
Enumerate and exploit the Ray dashboard and jobs API.
Overview
The ray module targets Ray cluster dashboards, covering metadata enumeration, job listing, log reads, artifact correlation, guarded proof-job submission, and runtime environment validation. It follows a jobs-to-takeover progression with proof-stage metadata on findings.
The jobs API client supports both JSON array responses (Ray 2.10+) and object-wrapped formats from older versions. The jobs command extracts runtime_env and env_vars from each job and emits critical-severity findings when credentials or secrets are found in job environment variables.
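The same check is useful defensively, as an audit of a jobs listing saved from your own cluster. The sketch below is an added example, not aipostex code: it normalizes both response shapes and flags secret-looking variables in `runtime_env.env_vars` without echoing their values. The wrapped shapes it accepts, the `submission_id`/`job_id` field names, the regexes and the sample data are assumptions of this example.

```python
import json
import re

# Credential-looking names and values; both patterns are assumptions of this example.
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|ACCESS_?KEY|CREDENTIAL", re.I)
SECRET_VALUE = re.compile(r"AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----")

# Constructed sample responses (not captured from a real cluster).
ARRAY_SAMPLE = json.loads("""[
  {"submission_id": "raysubmit_demo1", "status": "SUCCEEDED",
   "runtime_env": {"env_vars": {"AWS_SECRET_ACCESS_KEY": "constructed-not-real",
                                "LOG_LEVEL": "info"}}},
  {"submission_id": "raysubmit_demo2", "status": "RUNNING", "runtime_env": null}
]""")
WRAPPED_SAMPLE = json.loads("""{"job-1": {"status": "SUCCEEDED",
  "runtime_env": {"env_vars": {"HF_TOKEN": "constructed-not-real", "OMP_NUM_THREADS": "4"}}}}""")


def normalize_jobs(payload):
    """Return a list of job dicts from a bare array or an object-wrapped response."""
    if isinstance(payload, list):
        return [j for j in payload if isinstance(j, dict)]
    if isinstance(payload, dict):
        # Assumed wrapped shapes: {"jobs": [...]} or {"<job id>": {...job...}}.
        if isinstance(payload.get("jobs"), list):
            return [j for j in payload["jobs"] if isinstance(j, dict)]
        return [{"job_id": k, **v} for k, v in payload.items() if isinstance(v, dict)]
    return []


def audit_jobs(payload):
    """Flag env vars whose name or value looks like a credential; values are redacted."""
    findings = []
    for job in normalize_jobs(payload):
        # runtime_env may be missing or null on jobs submitted without one.
        env_vars = (job.get("runtime_env") or {}).get("env_vars") or {}
        for name, value in env_vars.items():
            if SECRET_NAME.search(name) or SECRET_VALUE.search(str(value)):
                findings.append({
                    "job": job.get("submission_id") or job.get("job_id"),
                    "env_var": name,
                    "severity": "critical",
                    "value": "<redacted, %d chars>" % len(str(value)),
                })
    return findings
```

Any hit means the secret is readable by anyone who can reach the dashboard, so rotate it and move it out of job environment variables.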
Subcommands
Read-Only (no --force-exploit required)

| Subcommand | Description |
|---|---|
| `enum` | Dashboard metadata and version |
| `jobs` | List visible jobs |
| `job-logs` | Read job detail and logs |
| `job-artifacts` | Extract artifact and log references from a job |

Gated (requires --force-exploit)

| Subcommand | Description |
|---|---|
| `submit` | Submit a proof job through the jobs API |
| `runtime-env` | Validate runtime_env submission for a job |
| `pip-inject` | Prove pip injection via runtime_env (arbitrary package install on cluster workers) |
| `cluster-info` | Exfiltrate cluster resource and node information (IPs, CPU/GPU counts, alive status) |

Flags

| Flag | Required | Description |
|---|---|---|
| `--target` | Yes | Ray dashboard URL (e.g., http://127.0.0.1:8265) |
| `--header` | No | Custom HTTP headers. Repeatable. |
| `--job-id` | For job-logs, job-artifacts, runtime-env | Job ID to inspect |
| `--entrypoint` | For submit | Job entrypoint command |
| `--runtime-env-json` | For submit | Runtime environment JSON |
| `--proof-preset` | For submit | Proof preset name |

Proof Presets
The submit command supports pre-built proof payloads:

| Preset | Description |
|---|---|
| `env-disclosure` | Dump environment variables |
| `env-marked` | Write a marker to environment |
| `fs-survey` | Survey filesystem paths |
| `runtime-survey` | Survey runtime environment |
| `beacon` | Send a beacon request |
| `python-print` | Simple Python print statement |

Examples

```bash
# Enumerate dashboard
./aipostex ray --target http://127.0.0.1:8265 enum

# List jobs
./aipostex ray --target http://127.0.0.1:8265 jobs

# Read job logs
./aipostex ray --target http://127.0.0.1:8265 job-logs --job-id job-1

# Extract job artifacts
./aipostex ray --target http://127.0.0.1:8265 job-artifacts --job-id job-1

# Submit proof job (gated)
./aipostex ray --target http://127.0.0.1:8265 submit \
  --proof-preset env-disclosure --force-exploit

# Validate runtime-env (gated)
./aipostex ray --target http://127.0.0.1:8265 runtime-env \
  --job-id job-1 --force-exploit

# Prove pip injection via runtime_env (gated)
./aipostex ray --target http://127.0.0.1:8265 pip-inject --force-exploit

# Exfiltrate cluster resource info (gated)
./aipostex ray --target http://127.0.0.1:8265 cluster-info --force-exploit
```

Proof Stages
Ray findings carry proof-stage metadata:

| Stage | Example |
|---|---|
| `reachable` | Dashboard responds |
| `read-confirmed` | Job logs successfully read |
| `execution-confirmed` | Proof job ran and produced output |
| `takeover-capable` | Runtime environment allows arbitrary code |
| `cluster-visible` | Cluster resources and node data extracted |
| `pip-injectable` | Arbitrary pip packages installable on workers |

Workflow Progression

```text
discover network (discovers Ray on :8265)
  → ray enum (dashboard metadata)
  → ray jobs (list visible jobs)
  → ray job-logs --job-id <id> (read logs)
  → ray job-artifacts --job-id <id> (correlate artifacts)
  → ray submit --proof-preset <preset> (proof of execution, gated)
  → ray runtime-env --job-id <id> (validate takeover, gated)
  → ray pip-inject (prove pip injection, gated)
  → ray cluster-info (exfiltrate cluster resources, gated)
```