Old 01-24-2008, 12:41 PM
mono
Re: XPS - Cross Printer Scripting Exploit

You said, "Actually, it is possible for a web based applet to determine what (local) IP address the computer is using and scan the entire subnet looking for devices that respond to requests on a certain port. I've, uh... ahem... seen somebody else do it."

Written in Java? Or Flash? I thought Flash was safer than JavaScript. Care to share that script privately? I'm a good guy --- passed all the prescreening and rigorous background checks to work at Symantec and worked there for a while -- I'd like a copy of that script for my private entomology collection.

You said, "You could also use a JavaScript that guesses what the local subnet of the computer would be and tries every address."

Yeah, I thought of that one. That's why I don't use the default 192.168.0.* on my local net. It would take a JavaScript long enough that you'd feel it to scan the entire class B, but not so long to scan the default class C with the fixed third octet of 0.

"This is even easier for routers - in default installations, there are maybe three common IP addresses for routers (192.168.0.1, 192.168.1.1, 10.0.0.1) and so many default usernames and passwords that you could easily create a simple script that would change the router's settings or cause the router to crash."

Or rewrite certain well-known bank IP addresses to evil hacker webservers and phish the crap out of everyone. But you've moved off the printer hack and on to a more general hack, I think. I'm not following how exploiting port 9100 allows you to change the router. It seems to me like the root cause is having a vulnerable router in the first place, which allows the hacker to both hack the router and exploit 9100.

Where I come from, the local custom is to assign 254 to the router, but it's just a custom, not a requirement. Anyone who runs a router on the open internet with the default uid/pass and configs is a clueless noob.
People, your router is your point of ingress into your soft, mushy underbelly internal network. That's the door you want to lock.

WHEN ARE WE (in USA) GOING TO GO IPv6? Korea has it, and I think China too.