Just_a_User Posted October 29, 2017 Share Posted October 29, 2017 (edited) Since getting a PacketSquirrel and learning that it would be great to drop behind amongst other things printers it got me thinking. The PacketSquirrel already has some solid tools installed as default but figured PRET (Printer Exploitation Toolkit) would be a nice addition. Info on PRET https://github.com/RUB-NDS/PRET Recent Blackhat presentation https://www.blackhat.com/docs/us-17/thursday/us-17-Mueller-Exploiting-Network-Printers.pdf Other printer attack info http://hacking-printers.net/wiki/index.php/Main_Page known vulnerable printer databases here https://github.com/RUB-NDS/PRET/tree/master/db Mine wasn't in the db but worked with pcl so I'm sure others will work also. After some challenges squeezing it onto the PocketSquirrel without going full extroot I think I figured it out on the default squirrel build. I tried adding /mnt as a opkg destination and using links and then pip etc... but in the end manual install of python modules seems to have the lowest footprint. After install still leaving the PacketSquirrel with 55% of unused rootfs . I'm not 100% sure if this can be "payloaded" but at least for remote SSH access its a nice tool to have. My problem now is the printer I borrowed uses PCL and that in itself is quite restrictive in what can be done with PRET, so im kinda out of my testing limit and need other targets to test against so I'm sharing it here for others to try. The install method I used in the end was to plug my USB drive into my laptop and git cloned each of the following to the drive. https://github.com/RUB-NDS/PRET https://github.com/etingof/pysnmp https://github.com/etingof/pysmi https://github.com/etingof/pyasn1 https://github.com/tartley/colorama Once cloned unplug safely and replug back into your squirrel. Then EXCLUDING PRET, go into each dir and use python to install the modules "python setup.py install' afterwards you should then be able to run PRET and use its tools from the squirrel directly. Edited October 29, 2017 by Just_a_User added presentation info 3 Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.