Hak5 Forums
qry

TCPDump printer

Has anybody been able to MITM a printer which was using a (Windows) print server?

I tried running default payload 1: tcpdump to sniff traffic going to a printer.
I read the payload and saw it put the PS into transparent netmode.

Hookup:   [printer] --CAT5-->  in-[PS]-out  --CAT5--> [wall-jack-to-switch]

The printer is hardcoded to a specific IPv4 address and uses a print server for spooling.
Whenever the PS is placed inline, all systems & print-server say the printer is no longer reachable.
Confirmed by pinging the hardcoded IP of printer that it is not reachable.

PS boots up fine (blue-blinky) then starts payload.
Even though the printer's not available, I still sent a print-job,
waited, hit the PS button and connected it back to my attack platform.

The payload didn't seem to have run, as there was no "loot/tcpdump" folder created.
The fact the printer dropped off makes me wonder about transparent mode as well.

Pretty sure there's no port-security, the other network segments don't have it.
I also tried swapping the in/out cables to the PS and rebooted it, still no success.

Posted (edited)

I suspect it's not running the right payload, maybe the wrong switch?

Refer to this image:

packet_squirrel_diagram2.png

Edited by Dave-ee Jones
