Find open ports (22, 9000, 35537, 36499, 39181, 40241, 43355, 44217, 44227, 45545, 52365, 56188, 59882, 61770)
Find that port 9000 is running Ray Dashboard
The docs button also led to a guide on Ray Dashboard.
Find and execute an exploit for Ray Dashboard
This submitted GitHub issue suggests there is an unauthenticated RCE for versions of the Ray Dashboard ≤ 2.6.3. I’m unsure of the version installed on this instance, but it’s worth looking into.
I obtain a reverse shell as root using the POC from this GitHub repo.
Obtain proof.txt