Description: A printer, who cares... HP's Printer Job Language (PJL)... sounds innocent enough. While researching how to secure these devices, some new malicious abuses have been discovered, as well as some fun new uses for old attacks. We will cover how to send SNMP commands to HP printers and get back responses even if SNMP is disabled on the device, as well as discuss some of the other fun that can be had with PJL and its lack of security, like printer information gathering, control panel lockout, disk lockout, file uploads, file downloads, and mass LCD changing. PrintFS is the culmination of all of this research combined, allowing the printers in an enterprise to become a large storage receptacle for data exfiltration, covert storage, and browser exploitation tactics. After the talk I will be releasing the printFS printer file-system tool as well as the Python PJL library and another demo PJL Python script.
Tags: securitytube, shmoocon, shmoo con, hacking, hackers, information security, convention, computer security, shmoo 11, shmoocon 11, shmoocon-2011