From: Alex S. Harasic (alharasic@mi.cl)
Date: Tue Jan 24 2006 - 18:22:46 EST
Hi... one thing though, besides whether it's likely or not to attack a PC
through a parallel port or through a USB port.
It's very hard to imagine a Printer connected to a network and to a PC at
the same time, it just makes no sense.
If this wase the scenario, unless there's USBnet, the PC won't have an IP
address to hack into (and the printer wouldn't work also). So the way to go
would be trying to see if there's a bufferoverflow in the Printers drivers,
either how they manage parallel connections or USB connections. If there was
such a bufferoverflow that you could know how to attack, you would have to
send data through either /dev/usb or /dev/lp0, or however they are called in
your machine.
Regards
Alex S. Harasic
-----Mensaje original-----
De: david lodge [mailto:resident.deity@gmail.com]
Enviado el: Lunes, 23 de Enero de 2006 9:37
Para: majed al marri
CC: pentest list
Asunto: Re: Penetrating a PC through a printer device
> I was thinking about if a certain penetration test scenario was
> applicable. What if there was a target PC (that has no IP) connected
> to a printer through a parallel cable, where the printer has an IP and
> you had access to this printer through the network. Would you be able
> to compromise the connected target PC if you gained control of the
printer?
> If so how. and if not why?
This'd be really hard to achieve and would have to depend upon several
different factors:
1) If I can root the printer, how much control do I get over it (e.g.
can I install my own code)?
2) Are there any bugs in the printer driver software?
In essence you'd need a printer where you can control your uploads to it and
know enough about the printer to be able rewrite the parallel/usb/scsi
responses. (A potential with some of the OS based printers - I've seen
printers running Windows 95 in the past!)
Then you need to find bugs in the printer driver so that you can overflow
the messages you send back. I'd think that this would be easy to find (most
printer drivers aren't written with security in mind), but harder to
exploit.
In conclusion: it would be technically feasible but the risk is minimised
dependant upon the environment.
Another thought, with modern FAX/IP printers, how easy would it be to co-opt
the FAX modem to provide ingress or egress to the network?
dave
----------------------------------------------------------------------------
-- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:25 EDT