Printer Hacking 101


In this challenge we will be looking at some basic printer vulnerabilities using PRET and getting access to unsecured printers. The room can be found here. A cheat sheet for use with PRET can be found here.

A video walkthrough of this room can be found here.


Unit 2: IPP Port

  1. What port does IPP run on?

This answer can be found with a quick Google search.

Answer: 631

Unit 3: Targeting & Exploitation

  1. How would a simple printer TCP DoS attack look as a one-line command?

For this question we can look at the cheat sheet provided. Here we look for any commands related to TCP.

Answer: while true; do nc printer 9100; done
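The loop in this answer does nothing but reopen a connection to raw printing port 9100 over and over. As an added example (not part of the room or the cheat sheet), this Python sketch flags that reconnect pattern in connection logs. The log format, addresses and thresholds are constructed for illustration, and the log is assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RAW_PRINT_PORT = 9100  # raw printing port targeted by the one-liner

# Constructed sample log in a made-up "timestamp src dst dport" format.
SAMPLE_LOG = """\
2024-01-01T10:00:00 192.0.2.10 192.0.2.50 9100
2024-01-01T10:00:01 192.0.2.10 192.0.2.50 9100
2024-01-01T10:00:02 192.0.2.20 192.0.2.50 9100
2024-01-01T10:00:02 192.0.2.10 192.0.2.50 9100
2024-01-01T10:00:03 192.0.2.10 192.0.2.50 9100
2024-01-01T10:00:03 192.0.2.30 192.0.2.50 631
2024-01-01T10:00:04 192.0.2.10 192.0.2.50 9100
2024-01-01T10:00:05 192.0.2.10 192.0.2.50 9100
2024-01-01T10:00:06 192.0.2.10 192.0.2.50 9100
2024-01-01T10:05:00 192.0.2.20 192.0.2.50 9100
"""

def parse(line):
    """Split one constructed log line into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def find_reconnect_loops(log_text, threshold=5, window_s=10):
    """Return {(src, dst): peak} for every source that opened at least
    `threshold` connections to port 9100 on one printer within `window_s`
    seconds. `peak` is the largest count seen in any such window."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # (src, dst) -> timestamps inside the window
    peaks = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = parse(line)
        if dport != RAW_PRINT_PORT:
            continue              # IPP (631) and other traffic is ignored here
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] > window: # drop connections older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[(src, dst)] = max(peaks.get((src, dst), 0), len(q))
    return peaks

if __name__ == "__main__":
    for (src, dst), peak in find_reconnect_loops(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{RAW_PRINT_PORT} peaked at {peak} connections in 10s")
```

A host that prints a job every few minutes stays below the threshold, while the tight loop crosses it within seconds.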

  1. Review the cheat sheet provided in the task reading above. What attack are printers often vulnerable to which involves sending more and more information until a pre-allocated buffer size is surpassed?

This answer can also be found in the attached cheat sheet whilst looking for anything related to buffer.

Answer: Buffer Overflow

  1. Connect to the printer per the instructions above. Where's the Fox_Printer located?

Let's navigate to the appropriate page, 10.10.7.6:631. Here we get the home page for the CUPS server. Navigating to the Printers tab, we get a list of available printers.

Website Printers

Answer: Skidy's basement

  1. What is the size of a test sheet?

For this we can click on the printer in question and, under the Maintenance dropdown, select Print Test Page.

Website Printer

Test Page

Now we can find more information for this job on the jobs page.

Test Job

Answer: 1k

Extra

I tried logging into the printer by brute-forcing the password. Unfortunately, Hydra kept crashing (the try rate was very slow).

Hydra Attempt

So I was unable to get the password. But several other walkthroughs listed the password, with which I could log in. I have yet to try out things to do after that.

Answer: password123