Posts Tagged ‘Printer’

PRET is a new tool for printer security testing developed in the scope of a Master’s Thesis at Ruhr University Bochum. It connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript, PJL and PCL are supported which are spoken by most laser printers. This allows cool stuff like capturing or manipulating print jobs, accessing the printer’s file system and memory or even causing physical damage to the device. All attacks are documented in detail in the Hacking Printers Wiki.

The main idea of PRET is to facilitate the communication between the end-user and the printer. Thus, after entering a UNIX-like command, PRET translates it to PostScript, PJL or PCL, sends it to the printer, evaluates the result and translates it back to a user-friendly format. PRET offers a whole bunch of commands useful for printer attacks and fuzzing.

Installation

# pip install colorama pysnmp
# pip install win_unicode_console
# apt-get install imagemagick ghostscript
git clone https://github.com/RUB-NDS/PRET.git

Usage

usage: pret.py [-h] [-s] [-q] [-d] [-i file] [-o file] target {ps,pjl,pcl}
positional arguments:
target                printer device or hostname
{ps,pjl,pcl}          printing language to abuse
optional arguments:
-h, --help            show this help message and exit
-s, --safe            verify if language is supported
-q, --quiet           suppress warnings and chit-chat
-d, --debug           enter debug mode (show traffic)
-i file, --load file  load and run commands from file
-o file, --log file   log raw data sent to the target
 
Source https://github.com/RUB-NDS/PRET
Advertisements

tv crime2

A critical vulnerability discovered in certain LaserJet Pro printers that could give remote attackers access to sensitive data. Homeland Security’s Computer Emergency Response Team recently issued a vulnerability note warning that HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data.

This flaw was discovered by a Germany security expert, Christoph von Wittich. He detected the vulnerability during a routine network scan of his company’s corporate network.

He said the vulnerability could also be used for a denial-of-service attack. “As long as the printer is not connected to the Internet, this vulnerability should not cause much trouble for the end user”.

Marked as CVE-2012-5215 (VU#782451, SSRT101078), vulnerability affected 12 printer models including HP LaserJet Pro P1102w, P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh Multifunction Printer, M1217nfw Multifunction Printer, M1218nfs MFP, M1219nf MFP, CP1025nw, and CP1025nw.

Users are advised to download updated firmware for printers impacted by the bug from the company’s Support Center site.

HP Support Center

HP SUPPORT COMMUNICATION – SECURITY BULLETIN

HP UPDATED FIRMWARE