Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Printer MITM revisited: prn-2-me

Well it’s been a while since I wrote about man in the middling printers (original post here), but I’ve not been totally ignoring the subject. After releasing the UA-Tester tool and writing a few small scripts for things like scr.im, I went back and had a look at the printer MITM topic with a mind to writing up a tool (in python obviously) to automate some of it. The result is a workable PoC tool called prn-2-me (mostly because it was late, and all creativity was long gone… sorry, no snazzy title this time!).

PRN-2-me is a simple listener that can be configured to run on any port (default is 9100 for jetdirect style connections). The tool will then save all incoming PCL and PostScript print jobs to file and forward them on to the real printer.

Now that you’ve got the print jobs saved to disk, it’s a simple task of sifting through them and seeing what nuggets of gold you’ve captured.

Postscript (PS): The simple format… you can open .ps files in most operating systems without any specialist software needed. Click and run… These files are also a LOT better quality than the PCL alternatives. If you don’t believe me just check out the samples.

Sample PS file –> HERE

PCL: Not so simple… PCL isn’t well supported when it comes to viewers. However all is not lost. There are 2 options here.

OpenPCL Viewer – Java based viewer (project can be found here)

GhostPCL  – By grabbing the source for GhostPDL you can compile PCL and/or XPS support to easily convert to other formats (project can be found here)

Example command line (example output):

pcl6 -sDEVICE=pdfwrite -sOutputFile=job_001_PCL.pdf job_001_PCL.pcl

Sample PCL file –> HERE

So, what’s next!

I’ve given up promising things on the blog, as I’ve already got a plate full of other projects waiting to start. Still, I hope to implement the same functionality into Metasploit at some point. There’s no reason why one of the capture modules couldn’t be re-written to capture printer traffic to file. If I can do it, it can’t be that complex after all 😉

The script is available for download HERE or in the tools section.

The tool is licensed under a mixture of BEERware (where you buy me beers if you like the tool) and FEEDBACKware (where you tell me how crap it is so I can make it better). Enjoy!


%d bloggers like this: