084 remote code execution of samba using cve-2017-7494 vulnerability

stay CTF In the game , There are two common competition environments ：

1. Given to attack aircraft and range machines in the same LAN , Usually, the Web、Misc（ miscellaneous ）、Android（ Mobile Security ）、Crypto（ cryptography ）、Pwn（ Overflow problem ）、Reverse（ reverse ） Can access the attacker , Infiltrate the range machine through the attack machine , Get the corresponding flag value ,（ In general, the event organizer will provide Kali Linux As an attacker , And the organizer provides computer hardware equipment , You don't have to carry a computer to participate in ） It is common in various online and offline network security competitions in China , Common patterns are ：

Attack and defense mode ： The contestants are divided into two teams , Each team is assigned a computing environment —— Maybe it's just a server . The two teams have the same task ： Attack the opponent's system , And can defend your own system . Each system contains some flag For the attacker to find and seize .

Problem solving mode ： Many teams compete to solve the problem of different scores on the question board . The team that solves the problem and finds the flag can submit it to the scoring system , Score accordingly , And continue to face the next problem . At the end of the time , The team with the highest score wins .

Shanwang mode ： Each team tries to take control of the server and keep it . At the end of the time, the team that has the longest grasp of the server wins . This mode is attack and defense CTF A variation of .

Web：CTF The main questions in the flag race , It involves common Web Loophole , Such as injection 、XSS、 File contains 、 Code execution 、 Upload and other vulnerabilities .

Crypto：Crypto Cryptography , The topic examines various encryption and decryption technologies , Including classical encryption technology 、 Modern encryption and decryption technology and even the author's own encryption technology .

Reverse:Reverse Reverse engineering , It involves software reverse engineering 、 Crack technology, etc , Strong disassembly skills are required 、 Solid foundation of decompilation .

PWN:PWN Among hackers, it represents breaking , Get access to ,CTF The competition represents overflow problems , The common type of overflow vulnerability is stack overflow , Heap overflow .

2. Provide a network cable interface in advance , User owned tools , Direct connection network cable , Infiltrate the range machine , Get the corresponding flag value ;