![]() ![]() ![]() └─$ python pret.py -o laser.pret 10.10.10.201 pjlĪppend delete edit free info mkdir printenv set unlockĬat destroy env fuzz load nvram put site versionĬhvol disable find help loop open reset timeoutĬlose discover flood hold ls pagecount restart touchĭebug display format id mirror print selftest traversalĪfter testing all of the PCL commands and getting nothing I went back and tried the third language, PJL, and got another shell with many more commands available after using the help command. Although turning a printer into a file sharing service is not a security vulnerability per se, it may apply as ‘misuse of service’ depending on the corporate policy.Īfter reading up about the difference between the printer languages I decided that this one probably didn’t speak the binary language of vaporators…I mean PCL. This hack shows that even a device which supports only minimalist page description languages like PCL can be used to store arbitrary files like copyright infringing material. The PRET tool implements a virtual, PCL-based file system which uses macros to save file content and metadata in the printer’s memory. None of the other commands gave anything further.ĭue to its limited capabilities, PCL is hard to exploit from a security perspective unless one discovers interesting proprietary commands in some printer manufacturers’s PCL flavour. Trying the ls command gave me an error message that said I could use put to upload files. This time I was able to use the help command to get a list of further options to try. This only gave errors, so I switched to the PCL language and tried again. ![]() Type help or ? to list commands.Ĭat debug discover exit get info loop open put siteĬlose delete edit free help load ls print selftest timeoutįollowing the instructions, I was able to quickly get it up and running, and got a pret shell on the machine using the PS printer language. No feedback (Printer busy, non-ps or silent) | ||/.´-.|| | || 「 pentesting tool that made _/_//|| PRET | Printer Exploitation Toolkit v0.40 9001 did not respond at all, while 9000 just sent back garbage characters (probably binary information). Port 9000 & 9001įirst I tried firing up a browser to see what kind of reply I might get from these ports. It turns out these are commonly used by printers. I wasn’t familiar with them so I searched for what uses ports 90. The Nmap scan only showed three open ports: 22 - SSH, 9000, and 9001. Nmap done: 1 IP address (1 host up) scanned in 44.32 seconds Service Info: OS: Linux CPE: cpe:/o:linux:linux_kernel └─$ nmap -sCV -n -v -p-oA laser 10.10.10.201Ģ2/tcp open ssh OpenSSH 8.2p1 Ubuntu 4 (Ubuntu Linux protocol 2.0) ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |