Re: Undocumented telnet access to Brother HL-2280DW
There's a framework for hacking printers (and maybe other networked hardware). I did a quick Google and didn't find it but that's what I'd suggest looking for.
Celejar <celejar@gmail.com> wrote:
>The Brother HL-2280DW (network printer) listens on port 23, but I
>can't get a working telnet session going. Telnet option negotiation
>seems to take place, but I get no login or any other sort of prompt.
>Pressing enter a few times, with or without typing random text,
>eventually results in the remote host disconnecting.
>
>Here's a netcat dump of a session where I repeatedly press enter until
>disconnection:
>
>< 00000000 1b 5b 32 4a 1b 5b 31 3b 31 66 # .[2J.[1;1f
>< 0000000a ff fb 01 ff fb 03 ff fd 03 # .........
>> 00000000 0a # .
>< 00000013 ff fb 01 ff fb 03 ff fd 03 # .........
>< 0000001c 0d 0a # ..
>> 00000001 0a # .
>< 0000001e 0d 0a # ..
>> 00000002 0a # .
>< 00000020 0d 0a # ..
>> 00000003 0a # .
>< 00000022 0d 0a # ..
>> 00000004 0a # .
>< 00000024 0d 0a # ..
>> 00000005 0a # .
>
>If I understand this correctly, the first few lines are telnet option
>negotiation, but nothing after that.
>
>nmap reports:
>
>23/tcp open telnet Brother/HP printer telnetd
>
>but I don't know if it's just assuming that daemon, since the machine
>is listening on port 23 and it's a Brother, or if it is actually
>managing to connect
>
>The documentation for this model doesn't seem to say anything about
>telnet access, and I can find no mention of it in the web management
>interface, which does list the other open ports / services, including
>FTP, SNMP, POP3 and SMTP. I have tried connecting to these other
>services, and they seem to work.
>
>So what do we have here? Some sort of broken, half-baked telnet service
>running, or am I doing something wrong?
>
>Celejar
Reply to: