Penetration Testing mailing list archives
Re: Dumping Data From Printers
From: "Jon R. Kibler" <Jon.Kibler () aset com>
Date: Wed, 07 May 2008 16:57:56 -0400
ahgaber_rehan () yahoo com wrote:
I wonder if there is a tool that can enable a person to dump the print jobs , or data sent to Network Printers?Another questionwhat would be the greatest risk if network admin leave Network printers without password protected.i can telnet to the printer, gain access to the configuration file, which can enable me to stop the printer function, changing network configuration. But istill see the greatest risk is getting the printed data. any one can advice on this ??
You would be surprised what an nmap of most printers will find. For non-HP low-end to mid-range printers, you will find they are often running NetBSD. And this is usually an ancient, unpatched version with known exploitable vulnerabilities. If the printer is a high-end printer, it is probably running some unpatched version of Windows or Solaris. Again, O/Ses with well known exploitable vulnerabilities. You would be amazed how easy it is to take over a printer. Once you do, then it becomes trivial to send a copy of all print jobs to some ftp server somewhere. And try to get a printer manufacturer to get even 1/10000th a clue. Jon Kibler -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 m: 843-224-2494 ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Dumping Data From Printers ahgaber_rehan (May 07)
- Re: Dumping Data From Printers Ed Baker (May 07)
- RE: Dumping Data From Printers Newton, Preston (May 07)
- Re: Dumping Data From Printers Robin Wood (May 07)
- RE: Dumping Data From Printers Shenk, Jerry A (May 07)
- Re: Dumping Data From Printers Jon R. Kibler (May 07)
- Re: Dumping Data From Printers sherwyn . williams (May 07)
- Re: Dumping Data From Printers David Howe (May 08)
- RE: Dumping Data From Printers Paul Melson (May 08)
- Re: Dumping Data From Printers Gary Warner (May 08)
- RE: Dumping Data From Printers Vukovics Péter (May 09)