PRET: Printer Exploitation Toolkit

PRET is a new tool for printer security testing developed in the scope of a Master’s Thesis at Ruhr University Bochum. It connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript, PJL and PCL are supported which are spoken by most laser printers. This allows cool stuff like capturing or manipulating print jobs, accessing the printer’s file system and memory or even causing physical damage to the device. All attacks are documented in detail in the Hacking Printers Wiki.

The main idea of PRET is to facilitate the communication between the end-user and the printer. Thus, after entering a UNIX-like command, PRET translates it to PostScript, PJL or PCL, sends it to the printer, evaluates the result and translates it back to a user-friendly format. PRET offers a whole bunch of commands useful for printer attacks and fuzzing.

Installation

# pip install colorama pysnmp
# pip install win_unicode_console
# apt-get install imagemagick ghostscript
git clone http://ift.tt/2kGm96f

Usage

usage: pret.py [-h] [-s] [-q] [-d] [-i file] [-o file] target {ps,pjl,pcl}

positional arguments:
target printer device or hostname
{ps,pjl,pcl} printing language to abuse

optional arguments:
-h, –help show this help message and exit
-s, –safe verify if language is supported
-q, –quiet suppress warnings and chit-chat
-d, –debug enter debug mode (show traffic)
-i file, –load file load and run commands from file
-o file, –log file log raw data sent to the target

Source

http://ift.tt/2kLxbdp

The post PRET: Printer Exploitation Toolkit appeared first on Penetration Testing in Linux. http://ift.tt/2qbMA8O http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s