Hello hackers, I'm back again with printer exploitation. Today I thought I could share something with you guys about printer hacking, even though I haven't written any posts lately because school is getting really hot, man, and at the same time it sucks for sure. I got interested in how printers are hacked after listening to one of the Darknet Diaries podcast episodes on Spotify, and after moving around the HTB tracks I found one that deals with printer hacking, so I wanted to see how I could hack the printer. Let's get started.
Hacking printers is quite easy because in many organizations you will find default creds on the printers, which is very risky one way or another. I remember two months back I was just browsing online and decided to take a look at Shodan to see if I could find any printers open online, and I was like "holy shit, there are many printers out there open, and they're using default credentials, man".
With this challenge we were given just a printer port and an IP address.
It seems that the printer was also accessible via a web server, as the challenge describes, and that it does not allow printing anything until we have the PIN to unlock it. Let's check it first: copy the ip:port, paste it into the browser and see what we get.
Upon moving around, it seems that we have a job control panel that prompts for a command or something similar.
If we take a close look, you will observe that the commands being typed here start with "@PJL INFO ID"
where by
So I started to type the command to see what I could get.
And we can see the OUTPUT 'HTB Printer'
But since I don't know much about PJL commands, I decided to google and see what I could find about them.
NB: After a lot of googling I found this article here and decided to play with it and see what I could get.
NOTE: At first, if you input the command it gives you an error; the error means that it does not take a backslash (\), it needs a forward slash (/).
Now let's make some small changes to the command we have from here.
OUTPUT
At first I struggled to find the flag, but let me make it simple here: the flag is located in the home directory, so we need to find the home directory.
OUTPUT
Let's get inside the home directory and see what we have here.
OUTPUT
We get another directory, so let's get into it and see what's inside.
OUTPUT
Now we get a file (readyjob), so here we can't use FSDIRLIST; we can use a command like FSUPLOAD instead.
PoC
Let's try to get the content of /etc/passwd using the FSUPLOAD command.
OUTPUT
As you can see it worked, so we can use this to get the content of readyjob, since it's a file.
OUTPUT
Really fun, man, with printers. shodan.io can help with real-world printer hacking. Happy hacking!
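On the defender's side, the PJL filesystem commands used in this walkthrough (FSDIRLIST, FSUPLOAD) stand out in raw print traffic, because ordinary print jobs rarely touch the printer's filesystem. The detector below is an added example, not part of the original write-up: the sample capture is constructed, and the names `classify` and `scan` are hypothetical.

```python
import re

UEL = "\x1b%-12345X"  # Universal Exit Language marker that often precedes PJL
# PJL filesystem commands; the write-up itself uses FSDIRLIST and FSUPLOAD.
FS_READ = {"FSDIRLIST", "FSUPLOAD", "FSQUERY"}
FS_WRITE = {"FSDOWNLOAD", "FSAPPEND", "FSDELETE", "FSMKDIR", "FSINIT"}
PJL_RE = re.compile(r'@PJL\s+([A-Z]+)\b(.*)', re.IGNORECASE)
NAME_RE = re.compile(r'\bNAME\s*=\s*"([^"]*)"', re.IGNORECASE)

# Constructed sample of a raw port-9100 capture (not taken from the challenge).
SAMPLE = (
    b'\x1b%-12345X@PJL INFO ID\r\n'
    b'@PJL FSDIRLIST NAME="0:/" ENTRY=1 COUNT=16\r\n'
    b'@PJL FSUPLOAD NAME="0:/../etc/passwd" OFFSET=0 SIZE=512\r\n'
    b'@PJL SET COPIES=2\r\n'
)

def classify(line):
    """Return a finding dict for a PJL filesystem command, else None."""
    m = PJL_RE.search(line.replace(UEL, ""))
    if not m:
        return None
    cmd = m.group(1).upper()
    if cmd not in FS_READ | FS_WRITE:
        return None  # ordinary job control (INFO, SET, ...) is not flagged
    name = NAME_RE.search(m.group(2))
    path = name.group(1) if name else ""
    # Drop the volume prefix ("0:") and accept either slash style.
    segments = path.replace("\\", "/").split(":", 1)[-1].split("/")
    traversal = ".." in segments
    severity = "high" if traversal or cmd in FS_WRITE else "medium"
    return {"command": cmd, "path": path, "traversal": traversal, "severity": severity}

def scan(stream):
    """Scan raw bytes sent to the printer; return findings with line numbers."""
    findings = []
    for lineno, line in enumerate(stream.decode("latin-1").splitlines(), 1):
        hit = classify(line)
        if hit:
            findings.append({"line": lineno, **hit})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
```

Any hit is worth a look on a network where clients only ever send print jobs; `..` in the path or a write-type command raises the severity to high.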