Re: network printers

From: Paul Asadoorian (Paul_Asadoorian@brown.edu)
Date: Tue Dec 13 2005 - 10:59:26 EST


All:

Wrote a little script that I use when pen testing:

http://pauldotcom.com/printerwalk.sh

It uses the default SNMP password to walk the printer Mibs. It would be
nice to integrate this tool with libPJL from phenoelit. If you mod it,
please share (it needs some work).

Paul

--
paul@pauldotcom.com
http://pauldotcom.com
perrymonj@networkarmor.com wrote:
> Printers are the first thing I look for to perform a stealthy interal pen test.
> 
> Nmap port 9100 and idle scan the inside.
> 
> Also good place for an attacker to store files but I don't store files during a pen test.
> 
> I guess it would also be a good place to gain information if you had the time to spend.
> 
> My favorite is to change the display greeting. Hehe
> 
> J. Perrymon
> On the road- This is from my BlackBerry
> 
> -----Original Message-----
> From: Justin <justinvinn@gmail.com>
> Date: Mon, 12 Dec 2005 17:50:04 
> To:mark_brunner@hotmail.com
> Cc:pen-test@lists.securityfocus.com
> Subject: Re: network printers
> 
> Mark,
> 
> I have found that pft from http://www.phenoelit.de is quite helpful
> when performing audits on printers.
> 
> Unfortunatly, I have yet to see a guide to securing printers, although
> FX's chapter in_Stealing The Network: How to 0wn_ the box, was quite
> infomative on the subject of attacking a networked printer (BTW, his
> chapter was "h3X's adventures in networkland").
> 
> Compromising a printer can yeild some useful results, especially if
> its an HP printer with Java installed. Also, you may have gained some
> admin passwords to try.
> 
> And on a somewhat childish side note, if you telnet to port 9100 on a
> printer, type a few lines and then kill the connection via ^], the
> printer will print out what you typed, although it will be
> unformatted.
> 
> Hope some of that helped.
> 
> -- Justin
> 
> On 12/10/05, Mark Brunner <mark_brunner@hotmail.com> wrote:
> 
>>Haven't looked at printers in a while.
>>Are there any best practices hardening and audit docs for printers?
>>
>>Mark
>>
>>-----Original Message-----
>>From: Ben Nagy [mailto:ben@iagu.net]
>>Sent: Saturday, December 10, 2005 1:24 AM
>>To: pen-test@lists.securityfocus.com
>>Subject: RE: empty sa passwords on network printers ??
>>
>>
>>Not sure what you mean by SA password, but HP printers run Java, which is
>>turing complete. If you have full access to the printer you can make it do
>>absolutely anything you want - it's just as good (or better) as owning a
>>workstation.
>>
>>Check out some of the phenoelit stuff to scare yourself:
>>http://www.phenoelit.de/stuff/defconX.pdf
>>
>>Cheers,
>>
>>ben
>>
>>
>>>-----Original Message-----
>>>From: Jason Rusch [mailto:rusch.j@gmail.com]
>>>Sent: Saturday, December 10, 2005 2:51 AM
>>>To: pen-test@lists.securityfocus.com
>>>Subject: empty sa passwords on network printers ??
>>>
>>>curious whats peoples opinion on the risk level etc concerning empty
>>>SA passwords on network printers?
>>>
>>>
>>>Jason P. Rusch, CISSP
>>>Sr. Information Security Administrator
>>>Infosec-rusch
>>>Tampa, FL 33619
>>
>>
>>----------------------------------------------------------------------------
>>--
>>Audit your website security with Acunetix Web Vulnerability Scanner:
>>
>>Hackers are concentrating their efforts on attacking applications on your
>>website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>>login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>>futile against web application hacking. Check your website for
>>vulnerabilities
>>to SQL injection, Cross site scripting and other web attacks before hackers
>>do!
>>Download Trial at:
>>
>>http://www.securityfocus.com/sponsor/pen-test_050831
>>----------------------------------------------------------------------------
>>---
>>
>>
>>
>>------------------------------------------------------------------------------
>>Audit your website security with Acunetix Web Vulnerability Scanner:
>>
>>Hackers are concentrating their efforts on attacking applications on your
>>website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>>login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>>futile against web application hacking. Check your website for vulnerabilities
>>to SQL injection, Cross site scripting and other web attacks before hackers do!
>>Download Trial at:
>>
>>http://www.securityfocus.com/sponsor/pen-test_050831
>>-------------------------------------------------------------------------------
>>
>>
> 
> 
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
> 
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
> 
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
> 
> 
-- 
Paul Asadoorian, GCIA, GCIH
Brown University
3 Davol Square
Suite B 250, Campus Box 1885
Providence, RI 02903
Phone: 401.863.7553
"You cannot achieve the impossible without attempting the absurd."
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:15 EDT