🖨️Printer Hacking

Intro

The Internet Printing Protocol (IPP) Port 631

• is a specialized Internet protocol for communication between client devices and printers. It allows clients to submit one or more print jobs to the printer or print server and perform tasks such as querying the status of a printer, obtaining the status of print jobs, or canceling individual print jobs.

When an IPP port is open to the internet, it is possible for anyone to print to the printer or even transfer malicious data through it (using it as a middleman for attacks).

An open IPP port can expose a lot of sensitive information such as printer name, location, model, firmware version, or even printer Wi-Fi SSID.

Reconnaissance and Exploitation

To start doing recon on the network and exploit printers this repository will be super useful:

• https://github.com/RUB-NDS/PRET

• http://hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet

Locating printers

Running python pret.py will start an automatic printer discovery in your local network.

./pret.py
No target given, discovering local printers

address          device                       uptime    status                 
───────────────────────────────────────────────────────────────────────────────
192.168.1.5      hp LaserJet 4250             10:21:49   Ready                 
192.168.1.11     HP LaserJet M3027 MFP        13 days    Paper jam             
192.168.1.27     Lexmark X792                 153 days   Ready                 
192.168.1.28     Brother MFC-7860DW           16:31:17   Sleep mode        

Exploiting

There are just three options you need to try when exploiting a printer using PRET:

1. PS (PostScript)

2. PJL (Printer Job Language)

3. PCL (Printer Command Language)

You need to try out all of these options to see which one is going to be understood by the printer.

Examples:

python pret.py {IP} pjl
python pret.py laserjet.lan ps
python pret.py /dev/usb/lp0 pcl

After running this command, you are supposed to get shell-alike output with different commands. Run help to see them.

PRET allows us to interact with the printer as if we were working with a remote directory. We can now store, delete, or add information on the printer.