From Printer To Pwnd: Leveraging Multifunction Printers During Penetration Testing

Presented at DEF CON 19 (2011), Aug. 5, 2011, noon (50 minutes)

In this presentation we go beyond the common printer issues and focus on harvesting data from multifunction printer (MFP) that can be leveraged to gain access to other core network systems. By taking advantage of poor printer security and vulnerabilities during penetration testing we are able to harvest a wealth of information from MFP devices including usernames, email addresses, and authentication information including SMB, Email, LDAP passwords. Leveraging this information we have successful gained administrative access into core systems including email servers, file servers and Active directory domains on multiple occasions. We will also explore MFP device vulnerabilities including authentication bypass, information leakage flaws. Tying this altogether we will discuss the development of an automated process for harvesting the information from MFP devices with the updated release of our tool 'PRAEDA'.


  • Deral Heiland / percent_x - Senior Security Engineer,   as Deral Heiland
    Deral Heiland CISSP, serves as a Senior Security Engineer where he is responsible for security assessments, and consulting for corporations and government agencies. In addition, Deral is the founder of Layered Defense Research a group of security professionals responsible for discovering and publishing multiple vulnerabilities. Deral is also co-founder and president of Ohio Information Security Forum a not for profit organization that focuses on information security training and education. Deral has also presented at numerous conferences including ShmooCon, DEF CON, AFCEA InfoTech, Ohio Digital Government Summit , University of Wisconsin lockdown conference and has also been a guest lecturer at the Airforce Institute of Technology (AFIT). Deral has over 18 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst where he was responsible for delivering security guidance and leadership in the area of risk and vulnerability management for a global Fortune 500 manufacturer.