Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: network printers

From: Paul Asadoorian <Paul_Asadoorian () brown edu>
Date: Tue, 13 Dec 2005 10:59:26 -0500
All:

Wrote a little script that I use when pen testing:

http://pauldotcom.com/printerwalk.sh

It uses the default SNMP password to walk the printer Mibs.  It would be
nice to integrate this tool with libPJL from phenoelit.  If you mod it,
please share (it needs some work).

Paul
--
paul () pauldotcom com
http://pauldotcom.com

perrymonj () networkarmor com wrote:

Printers are the first thing I look for to perform a stealthy interal pen test.

Nmap port 9100 and idle scan the inside.

Also good place for an attacker to store files but I don't store files during a pen test.

I guess it would also be a good place to gain information if you had the time to spend.

My favorite is to change the display greeting. Hehe

J. Perrymon
On the road- This is from my BlackBerry

-----Original Message-----
From: Justin <justinvinn () gmail com>
Date: Mon, 12 Dec 2005 17:50:04 
To:mark_brunner () hotmail com
Cc:pen-test () lists securityfocus com
Subject: Re: network printers

Mark,

I have found that pft from http://www.phenoelit.de is quite helpful
when performing audits on printers.

Unfortunatly, I have yet to see a guide to securing printers, although
FX's chapter in_Stealing The Network: How to 0wn_ the box, was quite
infomative on the subject of attacking a networked printer (BTW, his
chapter was "h3X's adventures in networkland").

Compromising a printer can yeild some useful results, especially if
its an HP printer with Java installed. Also, you may have gained some
admin passwords to try.

And on a somewhat childish side note, if you telnet to port 9100 on a
printer, type a few lines and then kill the connection via ^], the
printer will print out what you typed, although it will be
unformatted.

Hope some of that helped.

-- Justin

On 12/10/05, Mark Brunner <mark_brunner () hotmail com> wrote:


Haven't looked at printers in a while.
Are there any best practices hardening and audit docs for printers?

Mark

-----Original Message-----
From: Ben Nagy [mailto:ben () iagu net]
Sent: Saturday, December 10, 2005 1:24 AM
To: pen-test () lists securityfocus com
Subject: RE: empty sa passwords on network printers ??


Not sure what you mean by SA password, but HP printers run Java, which is
turing complete. If you have full access to the printer you can make it do
absolutely anything you want - it's just as good (or better) as owning a
workstation.

Check out some of the phenoelit stuff to scare yourself:
http://www.phenoelit.de/stuff/defconX.pdf

Cheers,

ben



-----Original Message-----
From: Jason Rusch [mailto:rusch.j () gmail com]
Sent: Saturday, December 10, 2005 2:51 AM
To: pen-test () lists securityfocus com
Subject: empty sa passwords on network printers ??

curious whats peoples opinion on the risk level etc concerning empty
SA passwords on network printers?


Jason P. Rusch, CISSP
Sr. Information Security Administrator
Infosec-rusch
Tampa, FL 33619



----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------





------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------




-- 
Paul Asadoorian, GCIA, GCIH
Brown University
3 Davol Square
Suite B 250, Campus Box 1885
Providence, RI 02903

Phone: 401.863.7553

"You cannot achieve the impossible without attempting the absurd."

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: