Just_a_User Posted October 29, 2017

Since getting a PacketSquirrel and learning that it would be great to drop behind, amongst other things, printers, it got me thinking. The PacketSquirrel already has some solid tools installed as default, but I figured PRET (Printer Exploitation Toolkit) would be a nice addition.

Info on PRET: https://github.com/RUB-NDS/PRET
Recent Blackhat presentation: https://www.blackhat.com/docs/us-17/thursday/us-17-Mueller-Exploiting-Network-Printers.pdf
Other printer attack info: http://hacking-printers.net/wiki/index.php/Main_Page
Known vulnerable printer databases here: https://github.com/RUB-NDS/PRET/tree/master/db

Mine wasn't in the db but worked with pcl so I'm sure others will work also.

After some challenges squeezing it onto the PacketSquirrel without going full extroot, I think I figured it out on the default squirrel build. I tried adding /mnt as an opkg destination and using links and then pip etc... but in the end manual install of python modules seems to have the lowest footprint. After install, that still leaves the PacketSquirrel with 55% of unused rootfs.

I'm not 100% sure if this can be "payloaded" but at least for remote SSH access it's a nice tool to have. My problem now is the printer I borrowed uses PCL and that in itself is quite restrictive in what can be done with PRET, so I'm kinda out of my testing limit and need other targets to test against, so I'm sharing it here for others to try.

The install method I used in the end was to plug my USB drive into my laptop and git clone each of the following to the drive.

https://github.com/RUB-NDS/PRET
https://github.com/etingof/pysnmp
https://github.com/etingof/pysmi
https://github.com/etingof/pyasn1
https://github.com/tartley/colorama

Once cloned, unplug safely and replug back into your squirrel. Then, EXCLUDING PRET, go into each dir and use python to install the modules ("python setup.py install"). Afterwards you should then be able to run PRET and use its tools from the squirrel directly.

Foxtrot Posted October 29, 2017

Great work :)

Darren Kitchen Posted October 29, 2017

On this topic, check out the LPR and DIPRINT protocols. With the tcpdump payload between a network printer and the rest of the LAN, you'd be able to reassemble the print job. You'd be best to filter for just ports 515 and 9100. Here's some reading on it:

http://rfg-esource.ricoh-usa.com/oracle/groups/public/documents/communication/rfg042515.pdf
https://ask.wireshark.org/questions/27981/how-to-get-lpd-data-content
https://www.backtrack-linux.org/forums/showthread.php?t=34435

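What an LPR submission on port 515 exposes in cleartext, as an added example that is not part of the original post: a parser for the client-to-server half of an RFC 1179 session that reports the queue, the control-file metadata and the data-file sizes. The function name and the sample bytes are constructed for illustration, and the input is assumed to be one already-reassembled TCP stream direction.

```python
# Added example: parse the client-to-server half of an LPD (RFC 1179, TCP 515)
# session to show which job metadata a cleartext print submission exposes.

# Control-file line prefixes defined by RFC 1179 that identify the submitter.
CONTROL_KEYS = {"H": "host", "P": "user", "J": "job_name", "N": "source_file"}

def parse_lpd_client_stream(stream: bytes) -> dict:
    """Return queue, control-file metadata and data-file sizes for one session."""
    if not stream.startswith(b"\x02"):
        raise ValueError("not an LPD 'receive a printer job' session")
    line_end = stream.index(b"\n")
    result = {"queue": stream[1:line_end].decode("ascii", "replace"),
              "metadata": {}, "data_files": []}
    pos = line_end + 1
    while pos < len(stream):
        sub = stream[pos]
        line_end = stream.index(b"\n", pos)
        if sub == 0x01:                 # abort job: no file follows
            pos = line_end + 1
            continue
        if sub not in (0x02, 0x03):
            raise ValueError(f"unexpected subcommand 0x{sub:02x} at offset {pos}")
        count, name = stream[pos + 1:line_end].split(b" ", 1)
        size = int(count)
        body = stream[line_end + 1:line_end + 1 + size]
        if len(body) != size:
            raise ValueError("truncated capture: file shorter than declared count")
        if sub == 0x02:                 # control file: "<letter><value>" per line
            for line in body.decode("ascii", "replace").splitlines():
                if line[:1] in CONTROL_KEYS:
                    result["metadata"][CONTROL_KEYS[line[0]]] = line[1:]
        else:                           # data file: record name and size only
            result["data_files"].append((name.decode("ascii", "replace"), size))
        pos = line_end + 1 + size + 1   # skip the zero octet that ends each file
    return result

# Constructed sample session (hypothetical host, user and file names).
CONTROL = b"Hws042\nPalice\nJQ3 payroll.pdf\nldfA007ws042\nNQ3 payroll.pdf\n"
DATA = b"%!PS-Adobe-3.0\n(constructed page) show\n"
SAMPLE = (b"\x02lp\n"
          + b"\x02%d cfA007ws042\n" % len(CONTROL) + CONTROL + b"\x00"
          + b"\x03%d dfA007ws042\n" % len(DATA) + DATA + b"\x00")

if __name__ == "__main__":
    print(parse_lpd_client_stream(SAMPLE))
```

Host name, user name and document title all travel unencrypted alongside the job body, which is the case for moving print traffic to a TLS-protected protocol or an isolated VLAN.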
PoSHMagiC0de Posted February 20, 2018

I've messed with PRET in the past. It is all python. I would say if the dependencies are met (which I believe they are all in python core) then it should work if the PS has the same dependencies in its core. You could make it an ssh console, but it being python, you could look through the main module to see how it uses its sub modules and incorporate that into your own interface to use.

Hey @Dave-ee Jones, why don't you see how this can be incorporated as a module into that Wrt web interface you made? Would be great as a starter module to get a feel on how users can create their own modules for your system if you are going that way. :-)

Archived
This topic is now archived and is closed to further replies.