Penetration Testing mailing list archives
RE: network printers
From: "McHenry, Glenn CTO1" <gmchenry () princeton navy mil>
Date: Mon, 12 Dec 2005 09:42:27 -0800
We deploy several HP networked printers. We go in and set the SA password on them all as well as disabling ftp access. We learned the hard way about the jetdirect cards and not setting SA passwords when we performed pen-testing on them. If you try to telnet to one and can't, you can perform a coldstart to reset the settings to factory default and then go in again. Glenn McHenry Lan Manager USS Princeton -----Original Message----- From: Mark Brunner [mailto:mark_brunner () hotmail com] Sent: Saturday, December 10, 2005 2:30 AM To: pen-test () lists securityfocus com Subject: network printers Haven't looked at printers in a while. Are there any best practices hardening and audit docs for printers? Mark -----Original Message----- From: Ben Nagy [mailto:ben () iagu net] Sent: Saturday, December 10, 2005 1:24 AM To: pen-test () lists securityfocus com Subject: RE: empty sa passwords on network printers ?? Not sure what you mean by SA password, but HP printers run Java, which is turing complete. If you have full access to the printer you can make it do absolutely anything you want - it's just as good (or better) as owning a workstation. Check out some of the phenoelit stuff to scare yourself: http://www.phenoelit.de/stuff/defconX.pdf Cheers, ben
-----Original Message----- From: Jason Rusch [mailto:rusch.j () gmail com] Sent: Saturday, December 10, 2005 2:51 AM To: pen-test () lists securityfocus com Subject: empty sa passwords on network printers ?? curious whats peoples opinion on the risk level etc concerning empty SA passwords on network printers? Jason P. Rusch, CISSP Sr. Information Security Administrator Infosec-rusch Tampa, FL 33619
---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: network printers Todd Towles (Dec 12)
- <Possible follow-ups>
- RE: network printers McHenry, Glenn CTO1 (Dec 12)
- Re: network printers DMORROW5 (Dec 16)