Undocumented telnet access to Brother HL-2280DW
The Brother HL-2280DW (network printer) listens on port 23, but I
can't get a working telnet session going. Telnet option negotiation
seems to take place, but I get no login or any other sort of prompt.
Pressing enter a few times, with or without typing random text,
eventually results in the remote host disconnecting.
Here's a netcat dump of a session where I repeatedly press enter until
disconnection:
< 00000000 1b 5b 32 4a 1b 5b 31 3b 31 66 # .[2J.[1;1f
< 0000000a ff fb 01 ff fb 03 ff fd 03 # .........
> 00000000 0a # .
< 00000013 ff fb 01 ff fb 03 ff fd 03 # .........
< 0000001c 0d 0a # ..
> 00000001 0a # .
< 0000001e 0d 0a # ..
> 00000002 0a # .
< 00000020 0d 0a # ..
> 00000003 0a # .
< 00000022 0d 0a # ..
> 00000004 0a # .
< 00000024 0d 0a # ..
> 00000005 0a # .
If I understand this correctly, the first few lines are telnet option
negotiation, but nothing after that.
nmap reports:
23/tcp open telnet Brother/HP printer telnetd
but I don't know if it's just assuming that daemon, since the machine
is listening on port 23 and it's a Brother, or if it is actually
managing to connect
The documentation for this model doesn't seem to say anything about
telnet access, and I can find no mention of it in the web management
interface, which does list the other open ports / services, including
FTP, SNMP, POP3 and SMTP. I have tried connecting to these other
services, and they seem to work.
So what do we have here? Some sort of broken, half-baked telnet service
running, or am I doing something wrong?
Celejar
Reply to: