Identify Vulnerabilities and Remote Services on your Printer using NMAP

The other day when I was casually searching for my wireless printer I noticed a WebService URL in the Printer search box!

FInd a Printer

It was a bit of a surprise to me – I poked around and realized there was a WebServer (httpd) running on the Printer and it supported WS-Print specification from Microsoft! You can read about it more here.

I wondered – what other servers could be running on the printer? So I ran an NMAP Scan (Using Zenmap) and voila – I found a handful of ports open on the printer which one would not usually associate with printing like telnet and FTP! For some of the ports there didn’t seem like there was any documentation.

I used intense scan which on Zenmap – the command from NMAP would be,

nmap -T4 -A -v 192.168.x.x

Here is a snippet of the NMAP Scan results,

 Discovered open port 21/tcp on 192.168.x.x
Discovered open port 23/tcp on 192.168.x.x
Discovered open port 443/tcp on 192.168.x.x
Discovered open port 80/tcp on 192.168.x.x
Discovered open port 9100/tcp on 192.168.x.x
Discovered open port 631/tcp on 192.168.x.x
Discovered open port 515/tcp on 192.168.x.x

So we have FTP, telnet, HTTPS, besides some print ports.

At least for FTP I was able to find documentation that supported the idea of being able to FTP prn files to the printer and they would get added to the queue for printing.

But for telnet I couldn’t find anything in my preliminary searches.

Kind of makes you realize – well – there is a reason why some people are into hacking printers and devices 🙂

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s