Re: Penetrating a PC through a printer device

> I was thinking about if a certain penetration test scenario was
> applicable. What if there was a target PC (that has no IP) connected to
> a printer through a parallel cable, where the printer has an IP and you
> had access to this printer through the network. Would you be able to
> compromise the connected target PC if you gained control of the printer?
> If so how. and if not why?

This'd be really hard to achieve and would have to depend upon several
different factors:
1) If I can root the printer, how much control do I get over it (e.g.
can I install my own code)?
2) Are there any bugs in the printer driver software?

In essence you'd need a printer where you can control your uploads to
it and know enough about the printer to be able rewrite the
parallel/usb/scsi responses. (A potential with some of the OS based
printers - I've seen printers running Windows 95 in the past!)

Then you need to find bugs in the printer driver so that you can
overflow the messages you send back. I'd think that this would be easy
to find (most printer drivers aren't written with security in mind),
but harder to exploit.

In conclusion: it would be technically feasible but the risk is
minimised dependant upon the environment.

Another thought, with modern FAX/IP printers, how easy would it be to
co-opt the FAX modem to provide ingress or egress to the network?

dave

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Relevant Pages

  • Re: Rookie question about differences between -S and -sI option
    ... same target as simple scan) but I obtained every port closed even if nmap ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
    (Pen-Test)
  • Re: Rookie question about differences between -S and -sI option
    ... same target as simple scan) but I obtained every port closed even if nmap scanned clearly the same target as the original trivial scan against xxx.xxx.xxx.50. ... Hackers are concentrating their efforts on attacking applications on your website. ... Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. ... Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! ...
    (Pen-Test)
  • Acunetix Web Vulnerability Scanner 4.0
    ... Audit your website security with Acunetix Web Vulnerability Scanner ... Web applications are ... against web application attacks since they are launched on port 80 - ... more likely to have undiscovered vulnerabilities. ...
    (comp.software.shareware.announce)
  • Penetrating a PC through a printer device
    ... compromise the connected target PC if you gained control of the printer? ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Cross site scripting and other web attacks before hackers do! ...
    (Pen-Test)
  • Topology discover
    ... I am used to pen-testing systems and the set of applications they ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)