Nmap Development mailing list archives

Re: pjl script updates


From: David Fifield <david () bamsoftware com>
Date: Mon, 17 Aug 2009 14:33:03 -0600

On Mon, Aug 17, 2009 at 08:13:21AM -0700, rilian4 rilian4 wrote:
> > Hi Aaron, sorry for the late response. Please do post the scripts to the
> > list. For the particular purpose of printer model identification, I
> > think the PJL queries make more sense as -sV service probes than as NSE
> > scripts. I am curious to see the exact syntax that you used and compare
> > it to probes that Brandon Enright has prepared.

> My turn to apologize for the delayed response. I have been on
> vacation. Attached is pjl-model.nse. It is a simple script that sends
> the PJL model command and displays any response.

Brandon, I would like you to comment on this script and the PJL version
probes you posted in http://seclists.org/nmap-dev/2009/q1/0560.html.
Aaron's query string is "@PJL INFO ID\n" while yours is
"\x1b%-12345X@PJL INFO ID\x0d\x0a\x1b%-12345X\x0d\x0a". What is the
difference in meaning between these?

I think this particular function of PJL is a better fit for version
detection than NSE, which is why I'm asking. I would like to get these
probes in at least a branch so people can test them out.

> > Apart from the limited scope of determining the model or version number,
> > which I think should be in nmap-service-probes, I would be interested in
> > seeing what other information you can get from printers.

> I have another basic script that is not fully hashed out that returns
> the page count on the printer.

> My PJL documentation shows several other interesting possibilities as
> well. An example is the INFO command, which is invoked for my model
> script. It can display model, memory, configuration variables, page
> count, etc. You can send PJL commands to read the file system on the
> printer, if any, and monkey w/ it. You can send the ECHO command, which
> is like a PJL ping. It sends a string to the printer and the printer
> is supposed to return the same string back if it is working correctly.
> Basically you can monkey w/ just about any setting on an HP LaserJet
> printer through PJL (and some of the commands work on non-HP printers
> as well), and we know NSE can send PJL, so that leaves it open.

What do you think about combining all these useful functions into one
script? Each query and response is pretty cheap, and we can get a lot of
information at once. I'm thinking it can be like the output of
smb-system-info.nse.

|  smb-system-info:
|  OS Details
|  |_ Microsoft Windows Server 2003 Service Pack 2 (ServerNT 5.2 build 3790)
|  |_ Installed on 2007-11-26 23:40:40
|  |_ Registered to Ron Bowes (organization: MYCOMPANY)
|  |_ Path: %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program %Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\IBM\Rational %AppScan\
|  |_ Systemroot: C:\WINDOWS
|  |_ Page files: C:\pagefile.sys 2046 4092 (cleared at shutdown => 0)

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
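Added example (not code from this thread, from Aaron's pjl-model.nse, or from Nmap): a small Python client that builds the two probe strings discussed above, parses the printer's replies, and combines INFO ID, INFO PAGECOUNT and ECHO into one smb-system-info-style report. The `\x1b%-12345X` in Brandon's probe is the PCL/PJL Universal Exit Language (UEL) sequence: it makes the printer leave whatever language it is in and parse what follows as PJL instead of treating it as print data, and a second UEL ends the PJL job. The raw-print port 9100, the echo token, and the sample reply bytes are assumptions for this example; the reply is constructed, not captured from a real device.

```python
import socket

UEL = b"\x1b%-12345X"   # Universal Exit Language: switch the printer into PJL mode
FF = b"\x0c"            # form feed terminates every PJL reply
ECHO_TOKEN = "nmap-pjl-probe"   # arbitrary token for the ECHO "ping" (assumption)
QUERIES = ["INFO ID", "INFO PAGECOUNT", "ECHO " + ECHO_TOKEN]


def pjl_batch(cmds):
    """Build one PJL job containing several commands.
    Leading UEL: stop interpreting bytes as PCL/PostScript, start PJL.
    Each command is '@PJL <command>' terminated by CRLF.
    Trailing UEL: end the job so the printer does not wait for more data.
    pjl_batch(['INFO ID']) yields exactly the probe string from the thread."""
    body = b"".join(b"@PJL " + c.encode("ascii") + b"\r\n" for c in cmds)
    return UEL + body + UEL + b"\r\n"


def parse_pjl_replies(data):
    """Split the reply stream on form feeds. Each reply starts with an echo of
    the command ('@PJL INFO ID') followed by its data lines.
    Returns {command: [data lines]}; chunks that are not PJL replies are skipped."""
    replies = {}
    for chunk in data.split(FF):
        lines = [ln.strip() for ln in chunk.decode("latin-1").splitlines()]
        lines = [ln for ln in lines if ln]
        if not lines or not lines[0].startswith("@PJL "):
            continue
        replies[lines[0][len("@PJL "):]] = lines[1:]
    return replies


def summarize(replies, echo_token):
    """Reduce raw replies to the fields a printer-info script would report."""
    info = {}
    ident = replies.get("INFO ID")
    if ident:
        info["model"] = ident[0].strip('"')     # INFO ID returns the model in double quotes
    for ln in replies.get("INFO PAGECOUNT", []):
        key, _, val = ln.partition("=")        # INFO PAGECOUNT returns 'PAGECOUNT=<n>'
        if key == "PAGECOUNT" and val.isdigit():
            info["pagecount"] = int(val)
    # ECHO is the PJL ping: the printer must hand the exact token back.
    info["echo_ok"] = ("ECHO " + echo_token) in replies
    return info


def format_nse_style(info):
    """Render in the indented style of smb-system-info output."""
    out = ["|  pjl-info:"]
    if "model" in info:
        out.append("|  |_ Model: " + info["model"])
    if "pagecount" in info:
        out.append("|  |_ Page count: %d" % info["pagecount"])
    out.append("|  |_ Echo: " + ("OK" if info["echo_ok"] else "no reply"))
    return "\n".join(out)


def query_printer(host, port=9100, timeout=5.0):
    """Send all queries in one connection to the raw-print port (9100 assumed)
    and read until one form feed per command has arrived or the printer goes quiet."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(pjl_batch(QUERIES))
        while buf.count(FF) < len(QUERIES):
            try:
                chunk = s.recv(4096)
            except socket.timeout:
                break
            if not chunk:
                break
            buf += chunk
    return summarize(parse_pjl_replies(buf), ECHO_TOKEN)


# Constructed sample reply (not captured from a real printer), in the shape a
# PJL-speaking printer uses: command echo, data lines, form feed.
SAMPLE_REPLY = (
    b'@PJL INFO ID\r\n"HP LaserJet 4250"\r\n\x0c'
    b"@PJL INFO PAGECOUNT\r\nPAGECOUNT=34567\r\n\x0c"
    b"@PJL ECHO nmap-pjl-probe\r\n\x0c"
)

if __name__ == "__main__":
    print(format_nse_style(summarize(parse_pjl_replies(SAMPLE_REPLY), ECHO_TOKEN)))
```

Running the module prints the report for the constructed reply; `query_printer("192.0.2.10")` does the same against a live raw-print port. Sending the whole batch in one job keeps the cost at a single connection, and the form-feed count tells the reader when all replies have arrived without waiting for the socket timeout.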
