Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Basic Information
From here: Raw printing is what we define as the process of making a connection to port 9100/tcp of a network printer. It is the default method used by CUPS and the Windows printing architecture to communicate with network printers as it is considered as ‘the simplest, fastest, and generally the most reliable network protocol used for printers’. Raw port 9100 printing, also referred to as JetDirect, AppSocket or PDL-datastream actually is not a printing protocol by itself. Instead all data sent is directly processed by the printing device, just like a parallel connection over TCP. In contrast to LPD, IPP and SMB, this can send direct feedback to the client, including status and error messages. Such a bidirectional channel gives us direct access to results of PJL, PostScript or PCL commands. Therefore raw port 9100 printing – which is supported by almost any network printer – is used as the channel for security analysis with PRET and PFT.
If you want to learn more about hacking printers read this page.
Default port: 9100
9100/tcp open jetdirect
Enumeration
Manual
nc -vn <IP> 9100
@PJL INFO STATUS #CODE=40000 DISPLAY="Sleep" ONLINE=TRUE
@PJL INFO ID # ID (Brand and version): Brother HL-L2360D series:84U-F75:Ver.b.26
@PJL INFO PRODINFO #Product info
@PJL FSDIRLIST NAME="0:\" ENTRY=1 COUNT=65535 #List dir
@PJL INFO VARIABLES #Env variables
@PJL INFO FILESYS #File system information
@PJL INFO TIMEOUT #Timeout variables
@PJL RDYMSG #Ready message
@PJL FSINIT
@PJL FSDIRLIST
@PJL FSUPLOAD #Useful to upload a file
@PJL FSDOWNLOAD #Useful to download a file
@PJL FSDELETE #Useful to delete a file
PJL (Printer Job Language)
The PJL (Printer Job Language) is a printer control language that allows for the management and control of printer functions. It is commonly used in network printers and can be exploited for various purposes during a penetration test.
PJL Commands
PJL commands are used to control and configure printer settings. Some common PJL commands include:
- @PJL INFO ID: Retrieves the printer's identification information.
- @PJL INFO STATUS: Retrieves the printer's status information.
- @PJL INFO VARIABLES: Retrieves the printer's variable information.
- @PJL SET: Sets a specific printer parameter.
- @PJL DEFAULT: Resets printer settings to their default values.
- @PJL EOJ: Ends the current print job.
Exploiting PJL
Exploiting PJL can provide an attacker with valuable information about the printer and potentially allow for unauthorized access or control. Some potential attack vectors include:
- Information Disclosure: By retrieving printer information using PJL commands, an attacker can gather details such as printer model, firmware version, and network configuration. This information can be used to identify vulnerabilities or plan further attacks.
- Printer Manipulation: PJL commands can be used to modify printer settings, such as changing the default paper tray or adjusting print quality. An attacker could exploit this to disrupt printing operations or cause physical damage to the printer.
- Command Injection: If the printer accepts user input and processes it as part of a PJL command, it may be vulnerable to command injection attacks. This could allow an attacker to execute arbitrary commands on the printer or even gain remote code execution.
PJL Exploitation Tools
Several tools can be used to exploit PJL vulnerabilities, including:
- PJLTester: A Python script that allows for testing and exploitation of PJL vulnerabilities.
- PJLInjector: A tool that injects PJL commands into print jobs to manipulate printer settings or execute arbitrary commands.
- PJLExploit: A Metasploit module that automates PJL exploitation.
Countermeasures
To mitigate PJL vulnerabilities, consider the following countermeasures:
- Disable PJL: If PJL is not required for printer functionality, consider disabling it to prevent potential exploitation.
- Update Firmware: Keep printer firmware up to date to ensure that known vulnerabilities are patched.
- Restrict Network Access: Limit network access to printers to trusted devices or networks to reduce the attack surface.
- Input Validation: Validate and sanitize user input to prevent command injection attacks.
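The countermeasures above can be backed by inspecting job streams at a print server or network sensor. The following is an added example, not code from the original page or from any tool it names: it parses a raw port 9100 stream and flags the PJL commands listed in the enumeration section. The severity classes and both sample streams are assumptions constructed for illustration.

```python
import re

UEL = b"\x1b%-12345X"  # Universal Exit Language: returns the printer to PJL mode
PJL_LINE = re.compile(rb"@PJL\b[ \t]*([A-Za-z]*)(.*)")

# Triage classes (an assumption of this example). Command names are those
# listed on this page plus JOB/ENTER/COMMENT, which ordinary jobs carry.
SEVERITY = {
    "FSUPLOAD": "alert", "FSDOWNLOAD": "alert", "FSDELETE": "alert",
    "FSDIRLIST": "alert", "FSINIT": "alert",
    "INFO": "review", "RDYMSG": "review", "DEFAULT": "review",
    "JOB": "routine", "SET": "routine", "ENTER": "routine",
    "EOJ": "routine", "COMMENT": "routine",
}

def pjl_commands(stream: bytes):
    """Yield (command, arguments) for PJL header lines, skipping page data."""
    for segment in stream.split(UEL):
        for line in segment.splitlines():
            m = PJL_LINE.match(line)
            if m is None:
                if line.strip():
                    break  # non-PJL data: the rest of this segment is page content
                continue
            cmd = m.group(1).decode("ascii").upper()
            if not cmd:
                continue  # a bare "@PJL" line carries no command
            yield cmd, m.group(2).decode("latin-1").strip()
            if cmd == "ENTER":
                break  # ENTER LANGUAGE hands over to PCL/PostScript until the next UEL

def triage(stream: bytes):
    """Return (severity, command, arguments) for everything above 'routine'."""
    findings = []
    for cmd, args in pjl_commands(stream):
        severity = SEVERITY.get(cmd, "review")  # unknown commands get a human look
        if severity != "routine":
            findings.append((severity, cmd, args))
    return findings

# Constructed sample streams, not captured from a real device.
NORMAL_JOB = (UEL + b'@PJL JOB NAME="report"\r\n@PJL SET COPIES=2\r\n'
              b"@PJL ENTER LANGUAGE=PCL\r\n@PJL FSDELETE is only text on the page\r\n"
              + UEL + b"@PJL EOJ\r\n" + UEL)
SUSPECT = (UEL + b"@PJL INFO ID\r\n"
           b'@PJL FSDIRLIST NAME="0:\\" ENTRY=1 COUNT=65535\r\n' + UEL)

if __name__ == "__main__":
    for name, stream in (("normal", NORMAL_JOB), ("suspect", SUSPECT)):
        print(name, triage(stream))
```

Stopping at `ENTER LANGUAGE` keeps text inside the page data from raising false alerts, as the normal sample shows.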
Conclusion
PJL vulnerabilities can pose a significant risk to network printers. By understanding how PJL works and the potential attack vectors, you can better protect your organization's printing infrastructure. Regular security assessments and updates are essential to maintain a secure printing environment.
nmap -sV --script pjl-ready-message -p <PORT> <IP>
msf> use auxiliary/scanner/printer/printer_env_vars
msf> use auxiliary/scanner/printer/printer_list_dir
msf> use auxiliary/scanner/printer/printer_list_volumes
msf> use auxiliary/scanner/printer/printer_ready_message
msf> use auxiliary/scanner/printer/printer_version_info
msf> use auxiliary/scanner/printer/printer_download_file
msf> use auxiliary/scanner/printer/printer_upload_file
msf> use auxiliary/scanner/printer/printer_delete_file
Printers Hacking tool
This is the tool you want to use to abuse printers:
https://github.com/RUB-NDS/PRET
Shodan
pjl port:9100