Penetration Testing mailing list archives

Re: Dumping Data From Printers

From: David Howe <DaveHowe.Pentest () googlemail com>
Date: Thu, 08 May 2008 11:19:39 +0100

sherwyn.williams () gmail com wrote:

Irongeek has some nice things you can do with a printer, use it as an
ftp to store data, browse stored print jobs, change printer displays
and the list goes on.

But apart from that maybe there is a way to run or launch apps from
the printer just someone find out more info do tell.


Depends too much on the printer. some of the larger network-attached
printers or scanner-printers run an os - varying between dos, unpatched
windows nt, windows 2000 or linux.

quite a few support ftp and can be used to relay or mask an attack by
fxp techniques. at least one linux based box I know of is happy to
accept ssh connections, open tunnels (which are a delight in themselves
of course) and if opened to loopback addresses, a mysql database with
no-password "root" access available....

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

Dumping Data From Printers ahgaber_rehan (May 07)
- Re: Dumping Data From Printers Ed Baker (May 07)
- RE: Dumping Data From Printers Newton, Preston (May 07)
- Re: Dumping Data From Printers Robin Wood (May 07)
- RE: Dumping Data From Printers Shenk, Jerry A (May 07)
- Re: Dumping Data From Printers Jon R. Kibler (May 07)
- Re: Dumping Data From Printers sherwyn . williams (May 07)
  - Re: Dumping Data From Printers David Howe (May 08)
- RE: Dumping Data From Printers Paul Melson (May 08)
  - Re: Dumping Data From Printers Gary Warner (May 08)
- RE: Dumping Data From Printers Vukovics Péter (May 09)