20210510 -

0. set out

When reading the paper , Suddenly think of the time before , I have seen some printer vulnerabilities ; Then I searched on Google ,“printer rce”, Then I found this article 《A Sheep in Wolf’s Clothing – Finding RCE in HP’s Printer Fleet》
Frankly speaking , This article is too long , I haven't seen it completely .

The general content is , By purchasing the actual machine , Then we get the firmware in reverse , Finally, we get the relevant source code . At the end , Found some loopholes in the source code . After replacing some contents of the firmware , Implemented a RCE. I don't know if I completely understand .

Feel this way , In fact, it's quite complicated , Because it involves replacing some contents of firmware , And when doing firmware reverse , Also replace the hard disk to avoid HP's own encryption .

1. Think in reverse

Before I read this article , I have also briefly thought about some related content . The possible attack surface is two parts （ If you do not reverse the firmware ）：web Interface , Print protocol . Through the test of these two places , It may be a simple and rough way to directly conduct fuzzy testing , So as to obtain the entry point of some vulnerabilities . But what? , Even if it's WEB Interface , His entry points may also be pitiful , therefore , It may also be difficult to find the real vulnerability . however , If it can be reversed , You can audit code more quickly to find vulnerabilities .
These are my own thoughts , The actual situation will certainly be more complicated .

By searching on the search engine , You can find many online printers , I checked in a few , Some HP printers only let you see a homepage , Others need to log in , Some can read a lot of information .

2. Harvest

When reading this article , Two contents related to printers are provided ：

• Hacking Printers Wiki
• PRET - Printer Exploitation Toolkit