Ok now that we have showed you how to bypass authentication on a Toshiba eStudio MFP device. The next obvious step is what data can be extracted. Well it turns out that the Toshiba eStudio multifunction printers also leaks data. If you examine the HTML source code of any of the configuration pages you will find the passwords in plan text. Yes that ******* in the password configuration setting field is not really hiding anything.
For Latest Advisory click here
PercX will being speaking on printers, and embedded device information gathering attacks. Covering how the information is leveraged to gain access to other core network server systems. Also will be discussing the tool Praeda and its features, functions, and future. So join PercX at BSides Delaware. Registration is available here and schedule information is available here. Follow PercX on twitter at @Percent_X
PercX will be presenting more printer hacking at the Bangalore, India security conference Securitybyte on September 6th. This will coincide with an updated release of PRAEDA that will contain several new modules to test for default authentication credentials and information leakage on embedded network appliances.
Congratulations to our own percX for winning the moustache category at the Defcon Beard & Moustache Championship. Sunglasses and Fu Manchu FTW!
A quick post to let y’all know that both PercX and Foofus have speaking slots at this year’s Defcon. PercX will be speaking on Friday at 12:00. Foofus will be speaking at 18:30 on Saturday. Naturally, check your Defcon program to verify these times.
PercX will be on the Guest Tech Segment of PaulDotCom Security Weekly – Episode 237 this Thursday March 31st, 2011.
I’ve posted an updated version of my “Karma” patch for HostAP (hostap_0_7_2-775-g9fc6aa9). This patch adds Karma-style automatic probe response, in addition to PEAP/MSCHAPv2 authentication logging (think all-in-one FreeRadius-WPE). See the Wireless page for a link to the old Hostap 0.6.9 patch and the newer version.
PercX has been furiously hacking multi-function printers, and the result is a new tool called Praeda. Praeda is used to interrogate printers from a variety of manufacturers in an effort to gain information about a target network, or compromise credentials. You can get it here. It’s written in perl.
Required perl modules:
praeto.pl TARGET_FILE TCP_PORT PROJECT_NAME OUTPUT_FILE
TARGET_FILE = List of IP addresses or Host names to enumerated
TCP_PORT = port address of targets to scan ” At present only one port can be specified. This is expected to be modified in future version”
PROJECT_NAME = the name for this project. This will create a folder under the folder where Praeda was executed to contain logs and export info.
OUTPUT_FILE = name of log file for data output
./praeda.pl target.lst 80 project1 data-file
The results will create a folder called project1 and save all information in that folder. Praeda will also create a log file called data-file.log to store output and diagnostics.
It’s 2011, and we’re going to Shmoocon. PercX and Bokojan will be giving a presentation – Printer to PWND: Leveraging Multifunction Printers During Penetration Testing. They have some interesting research to present. The presentation begins at 10:00 on Saturday, January 29th. Presentation materials will be available here after the talk.
I reworked the site a bit yesterday. My goal is to migrate all of my old patches/content into it. You’ll find a couple of new pages (Passwords & Hashes, Challenge/Response Authentication) linked on the right sidebar. These pages should contain the latest Samba and other patches I’ve put together over the years.
I’ve also added a new wireless page which contains a patch to Hostapd that adds auto-probe response and PEAP/MSCHAPv2 logging fun.