ShmooCon 2011: Printer to PWND: Leveraging Multifunction Printers During Penetration Testing

Repeat range

Drag the sliders above to repeat any part of the video.
[show more]

Views:

Favorited by people

Uploaded by

Description:

Speaker: Deral Heiland "PercX" and Pete Arzamendi "Bokojan"
In this presentation we go beyond the common printer issues and focus on harvesting data from multifunction printer (MFP) that can be leveraged to gain access to other core network systems. By taking advantage of poor printer security and vulnerabilities during penetration testing we are able to harvest a wealth of information from MFP devices including usernames, email addresses, authentication information including SMB, Email, LDAP passwords. Leveraging this information we have successful gained administrative access into core systems including email servers, file servers and Active directory domains on multiple occasions. We will also explore MFP device vulnerabilities including authentication bypass, information leakage flaws, and XSS flaws. Tying this altogether we will discuss the development of an automated process for harvesting the information from MFP devices with the beta release of our new tool 'PRAEDA'.

For more information visit: http://bit.ly/shmoocon2011_information
To download the video visit: http://bit.ly/shmoocon2011_videos

Repeat Youtube Videos!

Welcome to YouRepeat.com! Search for your favorite song or repeat youtube videos by changing 'tube' with 'repeat' in any youtube.com video link.

Like us on Facebook.com!

We need your support on facebook and the rest of the social networks! Support yourepeat.com by giving a like!

Install YouRepeat Chrome extension

One click to start auto-repeating YouTube videos. Click here to install. To uninstall the extension, go to Tools->Extensions in Chrome browser and click on the Remove icon.

All rights reserved © 2012 YouRepeat.com | Terms of Use | Privacy Policy | Copyrights | Contact us
Any third party products, brands or trademarks listed above are the sole property of their respective owner. No affiliation or endorsement is intended or implied. Our product has no affiliation with YouTube.