Printers Gone Wild!

ShmooCon VII - 2011

Presented by: Ben Smith
Date: Saturday January 29, 2011
Time: 14:00 - 15:00
Location: Break It room
Track: Break It!

A printer, who cares... HP's Printer Job Language (PJL)... sounds innocent enough. While researching how to secure these devices, some new malicious abuses have been discovered, as well as some fun new uses for old attacks. We will cover how to send SNMP commands to HP printers and get back responses even if SNMP is disabled on the device. We will also discuss some of the other fun that can be had with PJL and its lack of security, such as printer information gathering, control panel lockout, disk lockout, file uploads, file downloads, and mass LCD changing. PrintFS is the culmination of all of this research, allowing the printers in an enterprise to become a large storage receptacle for data exfiltration, covert storage, and browser exploitation tactics. After the talk I will be releasing the printFS printer file-system tool as well as the Python PJL library and another demo PJL Python script.

Ben Smith

Ben Smith, AKA Thex1le AKA Textile <damn you roamer!>, is a member of the Remote-Exploit.org Security Research group and a penetration tester. He is the author of two Aircrack-ng tools, Airdrop-ng and Airgraph-ng, as well as some support tools. He has spent many years researching wireless vulnerabilities and is taking the time to finally step away from wireless and focus his studies on enterprise networks. As a penetration tester with evil on the brain, his recent ventures have focused on innocent printers. These printers have been abused and are ready for exhibitionism. He does not know what will be next as this up-and-coming security researcher continues down a path of pwnage.

