Iain Posted March 4, 2011 Share Posted March 4, 2011 (edited) I work with a small business in IT and we are a Windows "shop". We have a number of network printers and I access the web server that each contains for configuration information, the state of the toner cartridges etc. I know that the printers have RAM and a hard drive. Does anyone know how easy it would be to mount the hard drive remotely and access the stored print jobs, scans etc.? I suspect that the printers/MFPs run a version of Linux which may be bespoke. I know that I could take a screwdriver to the hardware to pull out the hard drive but it would be more elegant to access the material remotely. If this is feasible, I'll do some more research but if it's likely to be a non-starter, I won't waste my time. Finally, I saw an article a while ago about using Netcat as a form of "man in the middle" to collect print jobs before forwarding them to the printer but I know just how easily AV products pick up Netcat (or one of it's variants). Edited March 4, 2011 by Iain Quote Link to comment Share on other sites More sharing options...
digip Posted March 4, 2011 Share Posted March 4, 2011 (edited) Go watch this episode: http://www.hak5.org/episodes/episode-826 - Segment 3 Episode 826 – Shmoocon 2011 – Part 3: Search and Siezure, Evite pwnage and printer attacks http://www.itsecuresite.com/network-security/its-a-printer-its-a-file-system-its-both.html http://www.google.com/search?num=50&hl=en&newwindow=1&safe=off&q=ben+smith+remote-exploit.org+%2B+printer+attack&btnG=Search Edited March 4, 2011 by digip Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted March 4, 2011 Share Posted March 4, 2011 check out Irongeek there was plenty of stuff about hacking printers on there. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted March 4, 2011 Share Posted March 4, 2011 Here is a direct link to Irongeeks, how to hack printers http://www.irongeek.com/i.php?page=security/networkprinterhacking Quote Link to comment Share on other sites More sharing options...
digininja Posted March 5, 2011 Share Posted March 5, 2011 Look at the videos from this years Shmoocon, while not covering exactly what you want they may give you some ideas. Quote Link to comment Share on other sites More sharing options...
he dares Posted March 6, 2011 Share Posted March 6, 2011 Anyone know what happed to the software he said would be on remote exploit in Episode 826 i cant find it anywhere and i wanted to play with it looked really intesting. Quote Link to comment Share on other sites More sharing options...
Iain Posted March 7, 2011 Author Share Posted March 7, 2011 I'm grateful for the tips. For some reason, I couldn't download episode 8.26. I'll check it out on Revision 3. At least I know that it's feasible now so I'll invest some time researching into it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.