Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Fun with a JetDirect

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    Fun with a JetDirect

    Fun with a JetDirect

    Well, I’ve been playing with JetDirect enabled printers and other a few Savins so I can make a video for the next Infonomicon TV. Here is what I have so far for what I want to show, starting from the simple to the arcane:

    1. Intro to the concept.
    2. Diagnostics page.
    3. Finding Network printers using Nmap.
    4. What an Nmap scan looks like (garbage print jobs)
    5. Using an JetDirect box for an Nmap Zombie scan bounce.
    6. Setting up a direct IP printer in Windows (I may skip this).
    7. Controlling the JetDirect box with telnet/a web browser.
    8. Jetadmin.
    9. DoSing the printer.
    10. Changing the LCD display text using HPhack, IGhphack and Hijetter.
    11. Changing settings with Hijetter.
    12. Using Hijetter to treat some JetDirect boxes as files/web servers.
    13. Finding stored faxes and print jobs on the Jetdirect printers.


    Other ideas? Many folks don't realize some of the stuff you can find out/do with a network printer, otherwise they would secure them more.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Just for sh*ts and giggles.. ping the (subnet) broadcast address and see how many printers respond Probably don't have to tell you it's easy to spoof icmp
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Banned
    Join Date
    Jul 2005
    Posts
    511
    So I assume a network-printer is not secure within a network? Hmmm. Maybe Symantec will one day make a virusscanner for printers.

    (Help, my printer is infected with AdWare!)

    Would be interesting if you could add some additional text to be printed with every print command on every page. Or have every document sent to some location outside the company, as some kind of industrial espionage.

  4. #4
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Well, I just recently found out how easy it is to sniff print jobs and collect them for later viewing with Ethereal.

  5. #5
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Hey Iron, when is the next infonomicon due out? If you ever get bored, I bet a video tut on etheral alone would be very useful!
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  6. #6
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    This perl script is fun..
    http://www.phfactor.net/code/hpset/
    Requirements

    1. A networked HP printer, HP4M+ or later, with JetDirect card. Tested on 4M+, 8150DN, and 8500 so far. The later machines appear to lack lower case characters, for some reason, and all of them have varying lengths of strings they can display.
    2. A host able to connect to said printer and run Perl.

    Usage

    hpset -m my.printer.com 'Chode Rules'
    hpset -m hp.marketing.example.com 'YOU ARE WEASELS'

    Actually, the quotes are optional:

    hpset -m hp2.example.edu Lunch wasn't Really Chicken

    There's also a -p argument to set the port, but as far as I know they all use port 9100. To reset the message, either reset the printer or run hpset with the default message, usually 'READY'.
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  7. #7
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    HPhack, IGhphack and Hijetter can do much the same thing.

    http://www.irongeek.com/i.php?page=security/hphack

  8. #8
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    hmmm

    I\m tempted to try this at work...
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  9. #9
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542
    Originally posted here by Irongeek
    Well, I just recently found out how easy it is to sniff print jobs and collect them for later viewing with Ethereal.
    Yep, the same goes for the insecure pop3 mail passwords... ethereal...

  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Sniffing the printer traffic means you have to be in the path somewhere. The 'normal' sniffing rules apply. What I found really, really troublesome is the fact that a lot of the modern printers (usually the ones with fax and scanning capabilities) store documents. Anyone with a browser can just connect to that printer and browse scanned/printed documents.

    The TCP/IP stack on these printers is usually seriously flawed too. No way to configure certain aspects.. Like turning ICMP broadcast pings on/off.

    That's one of the reasons I usually put all printers on a seperate network, firewall them and only allow the printserver access.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •