{
  "entrypoint_kind": "tcp_peer",
  "entrypoint_detail": "SMB print job submission to Samba [testprn] printer share over TCP 445 (guest/anonymous); client opens crafted filename on printable share, writes spool data, closes -> server runs print command with %J = jobname via system()",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "smbd 4.22.9 (vulnerable)",
    "smbd 4.22.10 (fixed/negative-control)",
    "impacket SMBConnection client"
  ],
  "proof_artifacts": [
    "artifacts/smb-vuln/printlog.txt",
    "artifacts/smb-vuln/marker_check.txt",
    "artifacts/smb-vuln/exploit_output.txt",
    "artifacts/smb-vuln/has_id_output.txt",
    "artifacts/smb-fixed/printlog.txt",
    "artifacts/smb-fixed/marker_check.txt",
    "artifacts/smb-fixed/exploit_output.txt",
    "artifacts/smb-fixed/has_id_output.txt",
    "logs/reproduction_steps.log"
  ],
  "notes": "Vulnerable: printlog has uid= (id output) + marker file -> RCE. Fixed: printlog has literal masked string, no marker -> blocked."
}