Penetration Testing mailing list archives
Re: Dumping Data From Printers
From: David Howe <DaveHowe.Pentest () googlemail com>
Date: Thu, 08 May 2008 11:19:39 +0100
sherwyn.williams () gmail com wrote:
Irongeek has some nice things you can do with a printer, use it as an ftp to store data, browse stored print jobs, change printer displays and the list goes on. But apart from that maybe there is a way to run or launch apps from the printer just someone find out more info do tell.
Depends too much on the printer. some of the larger network-attached printers or scanner-printers run an os - varying between dos, unpatched windows nt, windows 2000 or linux. quite a few support ftp and can be used to relay or mask an attack by fxp techniques. at least one linux based box I know of is happy to accept ssh connections, open tunnels (which are a delight in themselves of course) and if opened to loopback addresses, a mysql database with no-password "root" access available.... ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Dumping Data From Printers ahgaber_rehan (May 07)
- Re: Dumping Data From Printers Ed Baker (May 07)
- RE: Dumping Data From Printers Newton, Preston (May 07)
- Re: Dumping Data From Printers Robin Wood (May 07)
- RE: Dumping Data From Printers Shenk, Jerry A (May 07)
- Re: Dumping Data From Printers Jon R. Kibler (May 07)
- Re: Dumping Data From Printers sherwyn . williams (May 07)
- Re: Dumping Data From Printers David Howe (May 08)
- RE: Dumping Data From Printers Paul Melson (May 08)
- Re: Dumping Data From Printers Gary Warner (May 08)
- RE: Dumping Data From Printers Vukovics Péter (May 09)