Re: Penetrating a PC through a printer device

From: david lodge (resident.deity@gmail.com)
Date: Mon Jan 23 2006 - 07:37:02 EST

• Next message: Steve McLaughlin: "RE: DoS problem."
• Previous message: Thierry Zoller: "Re: Penetrating a PC through a printer device"
• In reply to: majed al marri: "Penetrating a PC through a printer device"
• Next in thread: Alex S. Harasic: "RE: Penetrating a PC through a printer device"
• Reply: Alex S. Harasic: "RE: Penetrating a PC through a printer device"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> I was thinking about if a certain penetration test scenario was
> applicable. What if there was a target PC (that has no IP) connected to
> a printer through a parallel cable, where the printer has an IP and you
> had access to this printer through the network. Would you be able to
> compromise the connected target PC if you gained control of the printer?
> If so how. and if not why?

This'd be really hard to achieve and would have to depend upon several
different factors:
1) If I can root the printer, how much control do I get over it (e.g.
can I install my own code)?
2) Are there any bugs in the printer driver software?

In essence you'd need a printer where you can control your uploads to
it and know enough about the printer to be able rewrite the
parallel/usb/scsi responses. (A potential with some of the OS based
printers - I've seen printers running Windows 95 in the past!)

Then you need to find bugs in the printer driver so that you can
overflow the messages you send back. I'd think that this would be easy
to find (most printer drivers aren't written with security in mind),
but harder to exploit.

In conclusion: it would be technically feasible but the risk is
minimised dependant upon the environment.

Another thought, with modern FAX/IP printers, how easy would it be to
co-opt the FAX modem to provide ingress or egress to the network?

dave

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Steve McLaughlin: "RE: DoS problem."
• Previous message: Thierry Zoller: "Re: Penetrating a PC through a printer device"
• In reply to: majed al marri: "Penetrating a PC through a printer device"
• Next in thread: Alex S. Harasic: "RE: Penetrating a PC through a printer device"
• Reply: Alex S. Harasic: "RE: Penetrating a PC through a printer device"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:24 EDT