-
September 7th, 2005, 05:33 AM
#1
Fun with a JetDirect
Well, I've been playing with JetDirect enabled printers and a few other Savins so I can make a video for the next Infonomicon TV. Here is what I have so far for what I want to show, starting from the simple to the arcane:
1. Intro to the concept.
2. Diagnostics page.
3. Finding Network printers using Nmap.
4. What an Nmap scan looks like (garbage print jobs)
5. Using a JetDirect box for an Nmap Zombie scan bounce.
6. Setting up a direct IP printer in Windows (I may skip this).
7. Controlling the JetDirect box with telnet/a web browser.
8. Jetadmin.
9. DoSing the printer.
10. Changing the LCD display text using HPhack, IGhphack and Hijetter.
11. Changing settings with Hijetter.
12. Using Hijetter to treat some JetDirect boxes as files/web servers.
13. Finding stored faxes and print jobs on the JetDirect printers.
Other ideas? Many folks don't realize some of the stuff you can find out/do with a network printer, otherwise they would secure them more.
-
September 7th, 2005, 03:31 PM
#2
Just for sh*ts and giggles... ping the (subnet) broadcast address and see how many printers respond. Probably don't have to tell you it's easy to spoof ICMP.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
September 7th, 2005, 03:55 PM
#3
So I assume a network printer is not secure within a network? Hmmm. Maybe Symantec will one day make a virus scanner for printers.
(Help, my printer is infected with AdWare!)
Would be interesting if you could add some additional text to be printed with every print command on every page. Or have every document sent to some location outside the company, as some kind of industrial espionage.
-
September 7th, 2005, 04:06 PM
#4
Well, I just recently found out how easy it is to sniff print jobs and collect them for later viewing with Ethereal.
-
September 7th, 2005, 04:11 PM
#5
Hey Iron, when is the next Infonomicon due out? If you ever get bored, I bet a video tut on Ethereal alone would be very useful!
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
September 7th, 2005, 04:11 PM
#6
This perl script is fun..
http://www.phfactor.net/code/hpset/
Requirements
1. A networked HP printer, HP4M+ or later, with JetDirect card. Tested on 4M+, 8150DN, and 8500 so far. The later machines appear to lack lower case characters, for some reason, and all of them have varying lengths of strings they can display.
2. A host able to connect to said printer and run Perl.
Usage
hpset -m my.printer.com 'Chode Rules'
hpset -m hp.marketing.example.com 'YOU ARE WEASELS'
Actually, the quotes are optional:
hpset -m hp2.example.edu Lunch wasn't Really Chicken
There's also a -p argument to set the port, but as far as I know they all use port 9100. To reset the message, either reset the printer or run hpset with the default message, usually 'READY'.
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
September 7th, 2005, 04:13 PM
#7
HPhack, IGhphack and Hijetter can do much the same thing.
http://www.irongeek.com/i.php?page=security/hphack
-
September 7th, 2005, 04:46 PM
#8
hmmm
I'm tempted to try this at work...
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
And no one can remember the gentle features of the queen's face that fair day, when this land rested in holy peace and everyone had love to love with.
-
September 7th, 2005, 06:49 PM
#9
Originally posted here by Irongeek
Well, I just recently found out how easy it is to sniff print jobs and collect them for later viewing with Ethereal.
Yep, the same goes for the insecure POP3 mail passwords... Ethereal...
-
September 8th, 2005, 08:46 AM
#10
Sniffing the printer traffic means you have to be in the path somewhere. The 'normal' sniffing rules apply. What I found really, really troublesome is the fact that a lot of the modern printers (usually the ones with fax and scanning capabilities) store documents. Anyone with a browser can just connect to that printer and browse scanned/printed documents.
The TCP/IP stack on these printers is usually seriously flawed too. No way to configure certain aspects.. Like turning ICMP broadcast pings on/off.
That's one of the reasons I usually put all printers on a separate network, firewall them and only allow the print server access.
Oliver's Law:
Experience is something you don't get until just after you need it.
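Added example, not part of any post in this thread: one way to check that the segregation described in post #10 actually holds, by scanning flow records for anything other than the print server reaching the printer subnet. The subnet, print server address, record format and sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed (hypothetical) layout: printers on their own subnet, one print server.
PRINTER_NET = ipaddress.ip_network("10.20.30.0/24")
PRINT_SERVER = ipaddress.ip_address("10.20.1.5")
# Services named in the thread: port 9100 printing, telnet and web admin.
WATCHED_PORTS = {9100: "raw print port", 23: "telnet", 80: "web admin"}

# Constructed flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
10.20.1.5 10.20.30.11 tcp 9100
10.20.7.44 10.20.30.11 tcp 9100
10.20.7.44 10.20.30.12 tcp 23
10.20.7.90 10.20.30.255 icmp 0
10.20.1.5 10.20.30.12 tcp 80
10.20.7.44 10.20.8.8 tcp 80
bogus line
"""

def parse_flow(line):
    """Return (src, dst, proto, dport) or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                parts[2].lower(), int(parts[3]))
    except ValueError:
        return None

def find_violations(text):
    """List traffic reaching the printer subnet from anything but the print server."""
    findings = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, proto, dport = flow
        if dst not in PRINTER_NET or src == PRINT_SERVER:
            continue  # not printer-bound, or the one permitted source
        if proto == "icmp" and dst == PRINTER_NET.broadcast_address:
            reason = "icmp to subnet broadcast"
        elif proto == "tcp" and dport in WATCHED_PORTS:
            reason = WATCHED_PORTS[dport]
        else:
            reason = "other traffic"
        findings.append((str(src), str(dst), reason))
    return findings

if __name__ == "__main__":
    for src, dst, reason in find_violations(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {reason}")
```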