Hacking Network Printers - Mostly HP JetDirects, but a little info on the Ricoh Savins

["Crenshaw, Adrian D" <adrian () ius edu>]

Hacking Network Printers

(Mostly HP JetDirects, but a little info on the Ricoh Savins)

 

While it's only vaguely related to Nmap, a few of you expressed interest
in it when I posted about it last. Here is a link to my little article
on how network printers like JetDirects and Ricoh Savins can be hacked.
The web version can be found at:

 

http://www.irongeek.com/i.php?page=security/networkprinterhacking

 

I plan to do updates as needed, so please give me some feed back. I'd
like to hear from you all. Here is the table of contents to give you an
idea about the subject matter:

 

Intro to the concepts

Diagnostics page

JetDirect password notes

Controlling the JetDirect box with telnet/web browser

Controlling the finding JetDirect boxes with JetAdmin

Finding Network printers using Nmap and SNMP tools

Using a JetDirect box as an Nmap Idlescan Zombie

Setting up a direct IP printer in Windows and Linux

Side note on a Pharos Uniprint vulnerability

DoSing the network or the printer

Changing the LCD display text using HPhack, IGhphack or Hijetter       

Phenoelit's Hijetter and PFT

      Setting the LCD Display with Hijetter

      Changing settings with Hijetter

      Using Hijetter to treat some JetDirect boxes as files/web servers

      Finding stored faxes and print jobs on Jetdirect printers

Don't forget to look for Stored Documents via the web interface

Sniffing print jobs and replaying them

A note on Plain-text authentication protocols

Other Ideas

Links to Tools

Useful links for further research

Change Log

 

Thanks Fyodor for fixing the port 9100/tcp problem. 

 

Adrian



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev