The latest release of Praeda is now available. This release coincides with percX’s Defcon talk and is updated with new modules and bug fixes. You can grab the latest version here.
A PDF copy of the Defcon presentation slides can be downloaded from HERE.
PercX will be on the Guest Tech Segment of PaulDotCom Security Weekly – Episode 237 this Thursday March 31st, 2011.
http://pauldotcom.com/wiki/index.php/Episode237
PercX has been furiously hacking multi-function printers, and the result is a new tool called Praeda. Praeda is used to interrogate printers from a variety of manufacturers in an effort to gain information about a target network, or compromise credentials. You can get it here. It’s written in perl.
Required perl modules:
LWP::Simple
LWP::UserAgent
HTML::TagParser
URI::Fetch
HTTP::Cookies
Praeda syntax:
praeto.pl TARGET_FILE TCP_PORT PROJECT_NAME OUTPUT_FILE
TARGET_FILE = List of IP addresses or Host names to enumerated
TCP_PORT = port address of targets to scan ” At present only one port can be specified. This is expected to be modified in future version”
PROJECT_NAME = the name for this project. This will create a folder under the folder where Praeda was executed to contain logs and export info.
OUTPUT_FILE = name of log file for data output
Example:
./praeda.plĀ target.lst 80 project1 data-file
The results will create a folder called project1 and save all information in that folder. Praeda will also create a log file called data-file.log to store output and diagnostics.
It’s 2011, and we’re going to Shmoocon. PercX and Bokojan will be giving a presentation – Printer to PWND: Leveraging Multifunction Printers During Penetration Testing. They have some interesting research to present. The presentation begins at 10:00 on Saturday, January 29th. Presentation materials will be available here after the talk.
Also:
