ChRiStIaAn008 asked:

Speaker: Deral Heiland “PercX” and Pete Arzamendi “Bokojan” In this presentation we go beyond the common printer issues and focus on harvesting data from multifunction printer (MFP) that can be leveraged to gain access to other core network systems. By taking advantage of poor printer security and vulnerabilities during penetration testing we are able to harvest a wealth of information from MFP devices including usernames, email addresses, authentication information including SMB, Email, LDAP passwords. Leveraging this information we have successful gained administrative access into core systems including email servers, file servers and Active directory domains on multiple occasions. We will also explore MFP device vulnerabilities including authentication bypass, information leakage flaws, and XSS flaws. Tying this altogether we will discuss the development of an automated process for harvesting the information from MFP devices with the beta release of our new tool ‘PRAEDA’. For more information visit: To download the video visit:

Tagged with →  
Share →

3 Responses to ShmooCon 2011: Printer to PWND: Leveraging Multifunction Printers During Penetration Testing

  1. TheMagentus says:

    Isn’t the screensaver supposed to tie into the session manager, such that killing it will also kill the session, and present a brand new X server, with a brand new login window?

  2. ChRiStIaAn008 says:

    @czegoszukasz thanks for mentioning it, just added it too the playlist

  3. czegoszukasz says:

    This video needs to be added to the SchmooCon playlist. Thanks a lot for your uploads!

Leave a Reply

Your email address will not be published. Required fields are marked *

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop us a note so we can take care of it!

Set your Twitter account name in your settings to use the TwitterBar Section.