|
Penetration Testing
mailing list archives
Re: Dumping Data From Printers
From: "Jon R. Kibler" <Jon.Kibler () aset com>
Date: Wed, 07 May 2008 16:57:56 -0400
ahgaber_rehan () yahoo com wrote:
I wonder if there is a tool that can enable a person to dump the print jobs , or data sent to Network Printers?
Another question
what would be the greatest risk if network admin leave Network printers without password protected.
i can telnet to the printer, gain access to the configuration file, which can enable me to stop the printer function, changing network configuration.
But istill see the greatest risk is getting the printed data. any one can advice on this ??
You would be surprised what an nmap of most printers will find. For non-HP low-end
to mid-range printers, you will find they are often running NetBSD. And this is
usually an ancient, unpatched version with known exploitable vulnerabilities.
If the printer is a high-end printer, it is probably running some unpatched version
of Windows or Solaris. Again, O/Ses with well known exploitable vulnerabilities.
You would be amazed how easy it is to take over a printer. Once you do, then it
becomes trivial to send a copy of all print jobs to some ftp server somewhere.
And try to get a printer manufacturer to get even 1/10000th a clue.
Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
m: 843-224-2494
==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
|
Intro
