Articles & Presentations

Thursday, December 1, 2011

(R) Research on HP Printers

We have all recently read the articles on the HP printer vulnerability, but after a friend said "this seems to be a pretty targeted attack scenario..." I replied back saying.. "Not really, I discovered years ago with JetDirect printers that you can harvest data" and as another friend pointed out today even Nessus can lock up the JetDirect Print Server and interrupt print jobs..

Using the oldest trick in the book... Cough...cough.. Telnet port 80....

You can obtain data from HP printers easier than easy..

HTTP/1.1 400 Bad Request

Connection: close

Server: HP HTTP Server; HP Officejet Pro 8600 - CM750A; Serial Number: CN19T1K0W

V05KD; Coulomb_pp Built:Wed Sep 07, 2011 11:21:09PM {CLP1CN1136AR, ASIC id 0x00320104}


Yup... Now if you read this from a simple telnet query, you can grep what you're looking for and know exactly what firmware sploit to throw at an HP printer..


Not targeted, just plain stooped to serve up so much info...


HP... Epic FAIL !!!!