pyLoader -- Proving Grounds (write-up)

  • Difficulty: Easy / Beginner
  • Box: pyLoader (Proving Grounds)
  • Author: dsec
  • Date: 2025-05-19


TL;DR

Quick box. Enumeration and exploitation were straightforward from the screenshots.


Target info

  • Host: Proving Grounds target
  • Services discovered via nmap

Enumeration

Nmap results

Web enumeration


Exploitation

Exploit execution

Root


Lessons & takeaways

  • pyLoad has known RCE vulnerabilities -- check the version and search for public exploits
  • Some boxes are straightforward once you identify the service