Penetration Testing: Re: Dumping Data From Printers

[David Howe <DaveHowe.Pentest () googlemail com>]

sherwyn.williams () gmail com wrote:
> Irongeek has some nice things you can do with a printer, use it as an
> ftp to store data, browse stored print jobs, change printer displays
> and the list goes on.
>
> But apart from that maybe there is a way to run or launch apps from
> the printer just someone find out more info do tell.
Depends too much on the printer. some of the larger network-attached
printers or scanner-printers run an os - varying between dos, unpatched
windows nt, windows 2000 or linux.

quite a few support ftp and can be used to relay or mask an attack by
fxp techniques. at least one linux based box I know of is happy to
accept ssh connections, open tunnels (which are a delight in themselves
of course) and if opened to loopback addresses, a mysql database with
no-password "root" access available....

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------