Penetration Testing mailing list archives

RE: Using a Stand-Alone Network Printer as a network attack entry point?
From: "Brewis, Mark" <mark.brewis () eds com>
Date: Fri, 16 Aug 2002 18:36:04 +0100


Not such a stupid idea - we have come up with several scenarios in the past
using printers to compromise networks, but only once inside a network.

Many printers are crammed full of functionality, something I've alluded to
in previous posts (not necessarily to this list.)  Web server management
interfaces and ftp servers are common, and some file server functionality
isn't uncommon.

One printer manufacturer provided proxy functionality from the printer to
another web server, to facilitate central management and configuration of an
enterprise print environment.  We guessed the (trivial) admin password,
grabbed the web pages off the printer, and configured the printer to use a
host of our choice as proxy.  We didn't have time to take the scenario any
further, but there were several interesting possibilities, including some
custom JavaScript with teeth.

>>The idea here would be to take a SNP and modify a ROM image for the
specific printer to include the proxy functionality. I realize this could
turn out to be quite difficult,<<

Difficult to do at the technical level - a lot of the printer code is really
odd, based on custom OS and file systems.  But someone wrote it, so someone
else can write a hacked up version.

>>but at the same time, it would provide a way into the internal network
when no others are available.<<

Are you looking at this as an internal exploit, or trying to trojan printers
before installation?  I could see it working in the first instance, but it
being a potentially intractable problem in the second instance.


Mark Brewis

Security Consultant
Information Assurance Group
Wavendon Tower
Milton Keynes
MK17 8LX.

Tel:    +44 (0)1908 28 4234/4013
Fax:    +44 (0)1908 28 4393
E@:     mark.brewis () eds com
PGP Key ID: C36D 770F 49F7 CC91 2E5A  A2BE FE6E CD43 E6CD 9184
