How Printers Get Hacked?
Disclaimer
How Do Printers Get Hacked/Exploited?
Methods on How Printers Get Hacked?
Open Ports
Weak Credentials
Outdated Software Version
Open Portal (No Login)
How To Secure Your Printer?
Close any open ports. Many printers use FTP, SMTP, and Telnet; these services are widely enabled on networks for ease of use, and their ports can be easily exploited by attackers.
Change your default credentials. Most printers come with a default password and some don't; default passwords can be easily found online, so change your default password and make sure the new one is long.
Change your printer's IP address. Most printers are configured with a public IP address; make sure to switch the public address to an internal address, and at some point configure your printer to be displayed and found on a certain subnet in your network.
Apply the latest software update for your printer. I can't stress enough how important this is.
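An added example, not part of the original slides: a Python audit that checks a printer inventory you administer against the four hardening steps above. The inventory fields, the reading of "internal address" as RFC 1918 space, and the sample data are assumptions made for illustration.

```python
import ipaddress
import socket

# Services the slides single out: FTP, Telnet, SMTP and raw printing on 9100.
RISKY_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 9100: "raw printing"}
# "Internal address" is taken here to mean RFC 1918 space (an assumption).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def tcp_open(host, port, timeout=1.0):
    """Live probe: True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_printer(printer, probe=tcp_open):
    """Check one inventory record against the four hardening steps."""
    findings = []
    addr = ipaddress.ip_address(printer["ip"])
    if not any(addr in net for net in INTERNAL_NETS):
        findings.append("address is not internal")
    for port, name in RISKY_PORTS.items():
        if probe(printer["ip"], port):
            findings.append(f"{name} reachable on {port}/tcp")
    if printer["default_password"]:
        findings.append("default credentials still set")
    if printer["firmware"] != printer["latest_firmware"]:
        findings.append("firmware behind latest release")
    return findings

def audit_inventory(inventory, probe=tcp_open):
    # Map printer name -> list of findings (an empty list means clean).
    return {p["name"]: audit_printer(p, probe) for p in inventory}

# Constructed inventory: made-up names and versions, documentation/private IPs.
SAMPLE_INVENTORY = [
    {"name": "lobby-mfp", "ip": "203.0.113.10", "default_password": True,
     "firmware": "1.0.2", "latest_firmware": "1.4.0"},
    {"name": "finance-laser", "ip": "10.20.30.40", "default_password": False,
     "firmware": "2.1.0", "latest_firmware": "2.1.0"},
]
# Constructed probe results standing in for a live scan, so this runs offline.
SAMPLE_OPEN = {("203.0.113.10", 23), ("203.0.113.10", 9100)}
def sample_probe(host, port):
    return (host, port) in SAMPLE_OPEN

if __name__ == "__main__":
    for name, issues in audit_inventory(SAMPLE_INVENTORY, sample_probe).items():
        print(name, "->", issues or "no findings")
```

Omitting the `probe` argument switches from the constructed results to live TCP checks against the addresses in the inventory.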
What Are the Tools Used to Exploit Printers?
These are the most common tools used by black hat hackers. I really recommend knowing how these tools work, not just using them; these are powerful tools that are made by highly educated people, so don't just use them without understanding them.
PRET: PRET is an exploitation framework that is built for exploiting printers.
Shodan: Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.
Common Exploitation Methods
Port 9100: this is the default port for printers; it is used to transfer raw data.
Public exploits: CVE-2016-3238 and MS16-087. This is a vulnerability that allows an attacker to infect and spread malware on a network. More details here: Demo
Searching for printers in Shodan
Practical Showcase
Practical Information
• As you can see from the previous image, just by doing a simple Shodan search you can see the vulnerable printers, and from there the hackers take the IP addresses shown and exploit the printer using PRET, manually, or with any other technique. This is a simple method of finding exploitable printers. I am not going to show the usage of PRET because there are many articles/videos on it.
Points to Remember
Everything shown was only used and showcased for ethical purposes.
Everything is exploitable.
References
https://www.shodan.io
https://github.com/RUB-NDS/PRET
https://www.wikipedia.org
Thank You
• This presentation was kindly made by System Exploited ( Hussein Muhaisen )
• Check Me Out :
• https://twitter.com/ExploitedSystem
• https://youtube.com/SystemExploited
• https://husse1n.com
• https://zsecurity.com/author/muhaisenhussein
