All:
Wrote a little script that I use when pen testing:
http://pauldotcom.com/printerwalk.sh
It uses the default SNMP password to walk the printer Mibs. It would be
nice to integrate this tool with libPJL from phenoelit. If you mod it,
please share (it needs some work).
Paul
--
paul@pauldotcom.com
http://pauldotcom.com
perrymonj@networkarmor.com wrote:
Printers are the first thing I look for to perform a stealthy interal pen
test.
Nmap port 9100 and idle scan the inside.
Also good place for an attacker to store files but I don't store files during
a pen test.
I guess it would also be a good place to gain information if you had the time
to spend.
My favorite is to change the display greeting. Hehe
J. Perrymon
On the road- This is from my BlackBerry
-----Original Message-----
From: Justin <justinvinn@gmail.com>
Date: Mon, 12 Dec 2005 17:50:04
To:mark_brunner@hotmail.com
Cc:pen-test@lists.securityfocus.com
Subject: Re: network printers
Mark,
I have found that pft from http://www.phenoelit.de is quite helpful
when performing audits on printers.
Unfortunatly, I have yet to see a guide to securing printers, although
FX's chapter in_Stealing The Network: How to 0wn_ the box, was quite
infomative on the subject of attacking a networked printer (BTW, his
chapter was "h3X's adventures in networkland").
Compromising a printer can yeild some useful results, especially if
its an HP printer with Java installed. Also, you may have gained some
admin passwords to try.
And on a somewhat childish side note, if you telnet to port 9100 on a
printer, type a few lines and then kill the connection via ^], the
printer will print out what you typed, although it will be
unformatted.
Hope some of that helped.
-- Justin
On 12/10/05, Mark Brunner <mark_brunner@hotmail.com> wrote:
Haven't looked at printers in a while.
Are there any best practices hardening and audit docs for printers?
Mark
-----Original Message-----
From: Ben Nagy [mailto:ben@iagu.net]
Sent: Saturday, December 10, 2005 1:24 AM
To: pen-test@lists.securityfocus.com
Subject: RE: empty sa passwords on network printers ??
Not sure what you mean by SA password, but HP printers run Java, which is
turing complete. If you have full access to the printer you can make it do
absolutely anything you want - it's just as good (or better) as owning a
workstation.
Check out some of the phenoelit stuff to scare yourself:
http://www.phenoelit.de/stuff/defconX.pdf
Cheers,
ben
-----Original Message-----
From: Jason Rusch [mailto:rusch.j@gmail.com]
Sent: Saturday, December 10, 2005 2:51 AM
To: pen-test@lists.securityfocus.com
Subject: empty sa passwords on network printers ??
curious whats peoples opinion on the risk level etc concerning empty
SA passwords on network printers?
Jason P. Rusch, CISSP
Sr. Information Security Administrator
Infosec-rusch
Tampa, FL 33619
----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
--
Paul Asadoorian, GCIA, GCIH
Brown University
3 Davol Square
Suite B 250, Campus Box 1885
Providence, RI 02903
Phone: 401.863.7553
"You cannot achieve the impossible without attempting the absurd."
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
