Penetration Testing: Re: Dumping Data From Printers

[Ed Baker <ed () webspecdesign com>]

I know that newer HP JetDirects and other models come equipped with hard 
drives (or flash memory) and sometimes even web servers installed, not 
just Telnet daemons. There was a research paper done a few years back 
which detailed what all could be done with a compromised printer, I 
can't find it at the moment. File storage, proxies, jirc servers for 
people to anonymously connect to - it's all possible, and very interesting.
Good rule of thumb: If it has an option to use or change a password, 
then use a password, or change it from the default factory setting and 
treat any network device like it will be compromised, even if it's just 
a printer.



ahgaber_rehan () yahoo com wrote:
> I wonder if there is a tool that can enable a person to dump the print jobs , or data sent to Network Printers?
>
>
>
> Another question 
>
>
> what would be the greatest risk if network admin leave Network printers without password protected.
>
>
>
> i can telnet to the printer, gain access to the configuration file, which can enable me to stop the printer function, changing network configuration. 
>
> But istill see the greatest risk is getting the printed data. any one can advice on this ??
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
>
>   
------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------