mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-24 21:53:54 +00:00
remove descriptions
This commit is contained in:
parent
634ff30a8d
commit
970f3123b3
14 changed files with 0 additions and 58 deletions
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: 'https://github.com/EmpireProject/Empire'
|
||||
---
|
||||
|
||||
# Empire
|
||||
|
||||
|
||||
|
|
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: 'https://github.com/inquisb/icmpsh'
|
||||
---
|
||||
|
||||
# ICMPsh
|
||||
|
||||
Download the backdoor from: [https://github.com/inquisb/icmpsh](https://github.com/inquisb/icmpsh)
|
||||
|
|
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: https://github.com/Ne0nd0g/merlin
|
||||
---
|
||||
|
||||
# Merlin
|
||||
|
||||
## Installation
|
||||
|
|
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: https://github.com/Hackplayers/Salsa-tools
|
||||
---
|
||||
|
||||
# Salseo
|
||||
|
||||
## Compiling the binaries
|
||||
|
|
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: Checklist for privilege escalation in Linux
|
||||
---
|
||||
|
||||
# Checklist - Linux Privilege Escalation
|
||||
|
||||
{% hint style="warning" %}
|
||||
|
|
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: 'Get request, Post request (regular, json, file)'
|
||||
---
|
||||
|
||||
# Web Requests
|
||||
|
||||
```python
|
||||
|
|
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: From http://hacking-printers.net/wiki/index.php/Accounting_bypass
|
||||
---
|
||||
|
||||
# Accounting bypass
|
||||
|
||||
## **Introduction**
|
||||
|
|
|
@ -17,12 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: >-
|
||||
Information from
|
||||
http://hacking-printers.net/wiki/index.php/Cross-site_printing
|
||||
---
|
||||
|
||||
# Cross-Site Printing
|
||||
|
||||
You can make a user send HTTP POST request to the port 9100 of several IPs trying to reach an open raw print port open. If found, the **HTTP header is either printed as plain text or discarded** based on the printer's settings. The **POST data** however can **contain** arbitrary print jobs like **PostScript** or **PJL** commands to be **interpreted**.
|
||||
|
|
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: From http://hacking-printers.net/wiki/index.php/Factory_defaults
|
||||
---
|
||||
|
||||
# Factory Defaults
|
||||
|
||||
**Resetting** a device to factory defaults is a security-critical functionality as it **overwrites protection mechanisms** like user-set passwords. This can usually be done by pressing a **special key combination** on the printer's **control panel**. Performing such a cold reset only takes seconds and therefore is a realistic scenario for local attackers or penetration testers, who can for example sneak into the copy room at lunchtime. However, **physical access** to the device is **not always an option**.
|
||||
|
|
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: 'Info from http://hacking-printers.net/wiki/index.php/Firmware_updates'
|
||||
---
|
||||
|
||||
# Firmware updates
|
||||
|
||||
The dangers of malicious firmware updates are well-known and have been discussed early by [\[1\]](http://hacking-printers.net/wiki/index.php/Firmware_updates#cite_note-1) and [\[2\]](http://hacking-printers.net/wiki/index.php/Firmware_updates#cite_note-2). In contrast to other networked devices however, **it is common for printers to deploy firmware updates as ordinary print jobs**. This opens up a wide gateway for attackers because access to printing functionality is usually a low hurdle. One can only speculate about the motivation for such insecure design decisions but it seems logical that historic reasons play a role: Printers used to be connected by parallel or USB cable. Without network connectivity, security was less important and without a password-protected web server or similar functionality the printing channel was the only way to send data to the device.
|
||||
|
|
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: From http://hacking-printers.net/wiki/index.php/Print_job_manipulation
|
||||
---
|
||||
|
||||
# Print job manipulation
|
||||
|
||||
## Content Overlay
|
||||
|
|
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: From http://hacking-printers.net/wiki/index.php/Print_job_retention
|
||||
---
|
||||
|
||||
# Print Job Retention
|
||||
|
||||
## Job Retention
|
||||
|
|
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: From http://hacking-printers.net/wiki/index.php/Fax_and_Scanner
|
||||
---
|
||||
|
||||
# Scanner and Fax
|
||||
|
||||
## Scanner
|
||||
|
|
|
@ -17,10 +17,6 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
</details>
|
||||
|
||||
|
||||
---
|
||||
description: 'Info from http://hacking-printers.net/wiki/index.php/Software_packages'
|
||||
---
|
||||
|
||||
# Software packages
|
||||
|
||||
In the recent years, printer vendors have started to introduce the **possibility to install custom software on their devices**. The format of such ‘printer apps’ is proprietary and SDKs are not available to the public. The feature of writing customized software which runs on printers was intended and is reserved for resellers and contractors, not for end-users. Hereby a printer fleet can be adapted to the special needs and business processes of a company; document solution providers can easily integrate printers into their management software. One popular example is NSi AutoStore [\[1\]](http://hacking-printers.net/wiki/index.php/Software_packages#cite_note-1) which can be installed on many MFPs and automatically uploads scanned or copied documents to predefined locations. Obviously, the feature to run custom code on a printer device is a potential security threat. Furthermore code signing of software packages is potentially harder than it is for [firmware](http://hacking-printers.net/wiki/index.php/Firmware_updates) as software is not only written by the printer manufacturer but by a broader range of developers who need to be in possession of the secret key to sign their software. Therefore it is logical to include the secret key in SDKs which are protected by being exclusively available from developer platforms. This article is an effort to systematically gather information on vendor-specific software platforms/SDKs.
|
||||
|
|
Loading…
Reference in a new issue