Re: network printers



All:

Wrote a little script that I use when pen testing:

http://pauldotcom.com/printerwalk.sh

It uses the default SNMP password to walk the printer Mibs. It would be
nice to integrate this tool with libPJL from phenoelit. If you mod it,
please share (it needs some work).

Paul
--
paul@xxxxxxxxxxxxxx
http://pauldotcom.com

perrymonj@xxxxxxxxxxxxxxxx wrote:
> Printers are the first thing I look for to perform a stealthy interal pen test.
>
> Nmap port 9100 and idle scan the inside.
>
> Also good place for an attacker to store files but I don't store files during a pen test.
>
> I guess it would also be a good place to gain information if you had the time to spend.
>
> My favorite is to change the display greeting. Hehe
>
> J. Perrymon
> On the road- This is from my BlackBerry
>
> -----Original Message-----
> From: Justin <justinvinn@xxxxxxxxx>
> Date: Mon, 12 Dec 2005 17:50:04
> To:mark_brunner@xxxxxxxxxxx
> Cc:pen-test@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: network printers
>
> Mark,
>
> I have found that pft from http://www.phenoelit.de is quite helpful
> when performing audits on printers.
>
> Unfortunatly, I have yet to see a guide to securing printers, although
> FX's chapter in_Stealing The Network: How to 0wn_ the box, was quite
> infomative on the subject of attacking a networked printer (BTW, his
> chapter was "h3X's adventures in networkland").
>
> Compromising a printer can yeild some useful results, especially if
> its an HP printer with Java installed. Also, you may have gained some
> admin passwords to try.
>
> And on a somewhat childish side note, if you telnet to port 9100 on a
> printer, type a few lines and then kill the connection via ^], the
> printer will print out what you typed, although it will be
> unformatted.
>
> Hope some of that helped.
>
> -- Justin
>
> On 12/10/05, Mark Brunner <mark_brunner@xxxxxxxxxxx> wrote:
>
>>Haven't looked at printers in a while.
>>Are there any best practices hardening and audit docs for printers?
>>
>>Mark
>>
>>-----Original Message-----
>>From: Ben Nagy [mailto:ben@xxxxxxxx]
>>Sent: Saturday, December 10, 2005 1:24 AM
>>To: pen-test@xxxxxxxxxxxxxxxxxxxxxxx
>>Subject: RE: empty sa passwords on network printers ??
>>
>>
>>Not sure what you mean by SA password, but HP printers run Java, which is
>>turing complete. If you have full access to the printer you can make it do
>>absolutely anything you want - it's just as good (or better) as owning a
>>workstation.
>>
>>Check out some of the phenoelit stuff to scare yourself:
>>http://www.phenoelit.de/stuff/defconX.pdf
>>
>>Cheers,
>>
>>ben
>>
>>
>>>-----Original Message-----
>>>From: Jason Rusch [mailto:rusch.j@xxxxxxxxx]
>>>Sent: Saturday, December 10, 2005 2:51 AM
>>>To: pen-test@xxxxxxxxxxxxxxxxxxxxxxx
>>>Subject: empty sa passwords on network printers ??
>>>
>>>curious whats peoples opinion on the risk level etc concerning empty
>>>SA passwords on network printers?
>>>
>>>
>>>Jason P. Rusch, CISSP
>>>Sr. Information Security Administrator
>>>Infosec-rusch
>>>Tampa, FL 33619
>>
>>
>>----------------------------------------------------------------------------
>>--
>>Audit your website security with Acunetix Web Vulnerability Scanner:
>>
>>Hackers are concentrating their efforts on attacking applications on your
>>website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>>login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>>futile against web application hacking. Check your website for
>>vulnerabilities
>>to SQL injection, Cross site scripting and other web attacks before hackers
>>do!
>>Download Trial at:
>>
>>http://www.securityfocus.com/sponsor/pen-test_050831
>>----------------------------------------------------------------------------
>>---
>>
>>
>>
>>------------------------------------------------------------------------------
>>Audit your website security with Acunetix Web Vulnerability Scanner:
>>
>>Hackers are concentrating their efforts on attacking applications on your
>>website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>>login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>>futile against web application hacking. Check your website for vulnerabilities
>>to SQL injection, Cross site scripting and other web attacks before hackers do!
>>Download Trial at:
>>
>>http://www.securityfocus.com/sponsor/pen-test_050831
>>-------------------------------------------------------------------------------
>>
>>
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>

--
Paul Asadoorian, GCIA, GCIH
Brown University
3 Davol Square
Suite B 250, Campus Box 1885
Providence, RI 02903

Phone: 401.863.7553

"You cannot achieve the impossible without attempting the absurd."

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



Relevant Pages

  • network printers
    ... Haven't looked at printers in a while. ... Subject: RE: empty sa passwords on network printers ?? ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • Re: network printers
    ... Unfortunatly, I have yet to see a guide to securing printers, although ... Information Security Administrator ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • Re: network printers
    ... Printers are the first thing I look for to perform a stealthy interal pen test. ... > Subject: RE: empty sa passwords on network printers ?? ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • Re: Experiences with company nCircle and their IP360 product
    ... We've got fairly new Lexmark printers that exhibit this behavior so I'm ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
    (Pen-Test)
  • RE: network printers
    ... > Haven't looked at printers in a while. ... > Are there any best practices hardening and audit docs for printers? ... Cross site scripting and other web attacks before hackers do! ...
    (Pen-Test)