Nmap Development mailing list archives
NSE PJL proof of concept
From: Aaron Leininger <rilian4 () hotmail com>
Date: Fri, 10 Jul 2009 08:25:09 -0700
A few months back, there was a discussion on list about HP printers and detection using nmap. It came up in the discussion that HP LaserJets allow a lot of access w/o any password protection. As a way to try and figure out how to do some simple things using NSE, I have tried to write a proof of concept script that will alter the display message on a LaserJet. The PJL command to do this is very simple. You can telnet into port 9100 on a LaserJet and issue:

    @PJL RDYMSG DISPLAY = "Test Message"

and the words TEST MESSAGE will show on the printer's display immediately.

I have an NSE script that appears to run and send the correct string to the printer but the display does not change. I am hoping one of you gurus can help me along and tell me what I am doing wrong or missing. Below is my code and the output generated by nmap when run w/ script-trace enabled. I am using nmap4.85beta10 on SuSe linux.

Thank you!
Aaron

Here is my code:

    id="Printer display setting script"
    description="Proof of concept that will change the display message on the target printer"
    author = "Aaron Leininger <rilian4 () hotmail com>"
    license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
    categories = {"intrusive"}

    require "nmap"
    require "shortport"

    portrule = shortport.port_or_service(9100, "jetdirect")

    action = function(host, port)
        local rdymsg="@PJL RDYMSG DISPLAY = \"Test Message\""
        local socket = nmap.new_socket()
        socket:set_timeout(1000)
        try = nmap.new_try(function() socket:close() end)
        try(socket:connect(host.ip, port.number))
        try(socket:send(rdymsg))
        socket:close()
        return(rdymsg)
    end

==================

output: (ip addresses anonymized)

    #nmap -p9100 --script-trace --script=./hprdymsg.nse printerip

    Starting Nmap 4.85BETA10 ( http://nmap.org ) at 2009-07-09 13:54 PDT
    Warning: File ./nselib/ exists, but Nmap is using /usr/local/share/nmap/nselib/ for security and consistency reasons. set NMAPDIR=. to give priority to files in your local directory (may affect the other data files too).
    NSOCK (0.1870s) nsock_loop() started (timeout=50ms). 0 events pending
    NSOCK (0.1870s) TCP connection requested to printerip:9100 (IOD #1) EID 8
    NSOCK (0.1880s) nsock_loop() started (timeout=50ms). 1 events pending
    NSOCK (0.1890s) Callback: CONNECT SUCCESS for EID 8 [10.4.10.72:9100]
    NSE: TCP hostip:33066 > printerip:9100 | CONNECT
    NSOCK (0.1900s) nsock_loop() started (timeout=50ms). 0 events pending
    NSE: TCP hostip:33066 > printerip:9100 | @PJL RDYMSG DISPLAY = "Test Message"
    NSOCK (0.1900s) Write request for 36 bytes to IOD #1 EID 19 [10.4.10.72:9100]: @PJL RDYMSG DISPLAY = "Test Message"
    NSOCK (0.1900s) nsock_loop() started (timeout=50ms). 1 events pending
    NSOCK (0.1900s) Callback: WRITE SUCCESS for EID 19 [printerip:9100]
    NSOCK (0.1910s) nsock_loop() started (timeout=50ms). 0 events pending
    NSE: TCP hostip:33066 > printerip:9100 | CLOSE
    Interesting ports on ths-tigernet-p2.ttsd.k12.or.us (10.4.10.72):
    PORT     STATE SERVICE
    9100/tcp open  jetdirect
    |_ hprdymsg: @PJL RDYMSG DISPLAY = "Test Message"

    Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
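For anyone monitoring printers that expose port 9100 without a password, as the message above describes, here is an added detection sketch (not part of the original post and not Nmap code). It scans reassembled port-9100 payloads for PJL command lines and flags the RDYMSG command. The function names, the watch list, the sample payloads and the 192.0.2.x source addresses are all constructed for illustration.

```python
import re

UEL = b"\x1b%-12345X"   # Universal Exit Language sequence, often glued to the first @PJL
WATCHED = {"RDYMSG"}    # assumption: alert list; RDYMSG is the command used in the post
PJL_LINE = re.compile(rb"^@PJL[ \t]+([A-Za-z]+)(.*)$")
DISPLAY = re.compile(rb'DISPLAY\s*=\s*"([^"]*)"', re.IGNORECASE)


def find_pjl(payload):
    """Return one dict per PJL command line found in a raw port-9100 payload."""
    findings = []
    # Treat a UEL as a line break so "<UEL>@PJL ..." is still seen as a command.
    data = payload.replace(UEL, b"\n")
    for raw in re.split(rb"\r?\n", data):
        m = PJL_LINE.match(raw.strip())
        if not m:
            continue  # print data or plain text, not a PJL command line
        cmd = m.group(1).decode("ascii").upper()
        shown = DISPLAY.search(m.group(2))
        findings.append({
            "command": cmd,
            "watched": cmd in WATCHED,
            "display": shown.group(1).decode("latin-1") if shown else None,
        })
    return findings


def alerts(connections):
    """Yield (source, command, display text) for every watched command seen."""
    return [(src, f["command"], f["display"])
            for src, payload in connections
            for f in find_pjl(payload) if f["watched"]]


# Constructed sample traffic: (source address, bytes written to port 9100).
SAMPLES = [
    # The exact 36-byte write shown in the script-trace output (no line ending).
    ("192.0.2.10", b'@PJL RDYMSG DISPLAY = "Test Message"'),
    # An ordinary print job wrapped in PJL job commands.
    ("192.0.2.20", UEL + b'@PJL JOB NAME = "report"\r\n'
                   b"@PJL ENTER LANGUAGE = PCL\r\n\x1bEpage data" + UEL),
    ("192.0.2.30", b"plain text sent to the printer\n"),
]

if __name__ == "__main__":
    for alert in alerts(SAMPLES):
        print("PJL display change from %s: %s %r" % alert)
```

The splitter does not require a trailing line ending, so a command that arrives as a single unterminated write, like the one in the trace, is still reported.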