Another day in the security buiss
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Another day in the security buiss

  1. #1
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    432

    Another day in the security buiss

    Hey, was up guys/gals?

    Haven't posted in quite a while;however, I thought i would throw this out.
    While doing a security audit for a large car dealership i found some interesting stuff. Their webserver was being DOS'ed from an internal ip address. Upon reviewing the logs it pointed to a printer. An Hp laserjet to be exact. Now I was rather excited because i had heard/read about printer hacking but never really had a chance to dive deep into the exploration of it. ( What better way to learn is there then to get paid for it ) Being that as it may be, We changed the ip addy of our websever back to its original with the printer on, and well it was hit by massive amounts of traffic by this printer. We turned the printer off and well, guess what, the traffic stopped. We turned it back on and yep it started again. I started reading up and performing tests of various kinds and i came up with this. Each of the hp printers has like 4megs of Ram but everyone knows that once off all memory is erased or what not, however these printers also had flash memory. which in this case had small piece of DOS software. Rather brilliant actually. I said wtf? And went to the HP website and found everything i ever really wanted to know about pcl, hp's printer language. I thought this was an awsome hack and thought id share it with you all.

  2. #2
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    Sounds rather interesting..

    Were you able to determine how the DoS code got placed into the flash memory in the first place?
    - Maverick

  3. #3
    Member
    Join Date
    Nov 2002
    Posts
    80
    Is it possible it could have been done remotely?, Normal printer bios flash is via a connection to PC is it not? I seem to remember doing one over the network once.

    That does sound very interesting. it sounds like the code had been writen custom for the job?

  4. #4
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    Is there anything else that you can post on this. I've never heard of anyone writing a DoS app and placing it on a printer. If you have any more specifics or end up discovering anymore, please post them. Thanks.
    -NeuTron

  5. #5
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    432
    http://www.syngress.com/samplechapters/249_chap4.pdf
    I found this link a few min ago, gives you an idea of what can be done remotley with a printer. I dont know if this if actually a real example or not, but it does describe pretty much to a T a hackers exploit of a printer. Very interesting reading.
    Same b
    asic idea that was used on the car dealerships printers.

  6. #6
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    I agree I could not stop reading and I learned alot from it thanks for sharing it

  7. #7
    Senior Member
    Join Date
    Jul 2003
    Posts
    217
    the printer flash memory can be flashed from a remote location. HP provides the software to do it for patches and upgrades to their printer software. So I guess if this can be done by HP then it should be ab le to be done by anyone else if you ahve the right info and skilss.

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Posts
    301
    Wow that is interesting. New information for me also. Thanks for the info.

    PeacE
    -BoB
    #!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
    ($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
    Sa2/d0<X+d*La1=z\\U$n%0]SX$k\"[$m*]\\EszlXx++p|dc`,s/^.|\\W//g,print pack(\'H*\'
    ,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)

  9. #9
    Member
    Join Date
    Nov 2002
    Posts
    80
    Thats a great link, and well worth the read.

  10. #10
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Wait until all of our home appliances are connected to the net.

    my fr1dg3 0wnz j00!!

    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •