Re: Undocumented telnet access to Brother HL-2280DW

To: Shawn Wilson <ag4ve.us@gmail.com>
Cc: debian-user <debian-user@lists.debian.org>
Subject: Re: Undocumented telnet access to Brother HL-2280DW
From: Celejar <celejar@gmail.com>
Date: Sun, 29 Dec 2013 09:19:11 -0500
Message-id: <[🔎] 20131229091911.3ad99728fb19e26c419576e7@gmail.com>
In-reply-to: <[🔎] 8a9bbab8-5744-4c35-ab21-64b00cd227d6@email.android.com>
References: <[🔎] 20131227000046.04498c2ebce89c8a4e97e496@gmail.com> <[🔎] 8a9bbab8-5744-4c35-ab21-64b00cd227d6@email.android.com>

On Fri, 27 Dec 2013 00:22:48 -0500
Shawn Wilson <ag4ve.us@gmail.com> wrote:

> There's a framework for hacking printers (and maybe other networked
> hardware). I did a quick Google and didn't find it but that's what I'd
> suggest looking for.

Do you mean this?

http://www.irongeek.com/i.php?page=security/networkprinterhacking

I had encountered that page, but a cursory look doesn't indicate that
it's of much use here - it seems to presume that one can actually get a
telnet connection going.

> Celejar <celejar@gmail.com> wrote:

> >The Brother HL-2280DW (network printer) listens on port 23, but I
> >can't get a working telnet session going. Telnet option negotiation
> >seems to take place, but I get no login or any other sort of prompt.
> >Pressing enter a few times, with or without typing random text,
> >eventually results in the remote host disconnecting.
> >
> >Here's a netcat dump of a session where I repeatedly press enter until
> >disconnection:
> >
> >< 00000000 1b 5b 32 4a 1b 5b 31 3b 31 66                   # .[2J.[1;1f
> >< 0000000a ff fb 01 ff fb 03 ff fd 03                      # .........
> >> 00000000 0a                                              # .
> >< 00000013 ff fb 01 ff fb 03 ff fd 03                      # .........
> >< 0000001c 0d 0a                                           # ..
> >> 00000001 0a                                              # .
> >< 0000001e 0d 0a                                           # ..
> >> 00000002 0a                                              # .
> >< 00000020 0d 0a                                           # ..
> >> 00000003 0a                                              # .
> >< 00000022 0d 0a                                           # ..
> >> 00000004 0a                                              # .
> >< 00000024 0d 0a                                           # ..
> >> 00000005 0a                                              # .
> >
> >If I understand this correctly, the first few lines are telnet option
> >negotiation, but nothing after that.
> >
> >nmap reports:
> >
> >23/tcp   open  telnet     Brother/HP printer telnetd
> >
> >but I don't know if it's just assuming that daemon, since the machine
> >is listening on port 23 and it's a Brother, or if it is actually
> >managing to connect
> >
> >The documentation for this model doesn't seem to say anything about
> >telnet access, and I can find no mention of it in the web management
> >interface, which does list the other open ports / services, including
> >FTP, SNMP, POP3 and SMTP. I have tried connecting to these other
> >services, and they seem to work.
> >
> >So what do we have here? Some sort of broken, half-baked telnet service
> >running, or am I doing something wrong?
> >
> >Celejar


Celejar

Reply to:

References:
- Undocumented telnet access to Brother HL-2280DW
  - From: Celejar <celejar@gmail.com>
- Re: Undocumented telnet access to Brother HL-2280DW
  - From: Shawn Wilson <ag4ve.us@gmail.com>

Prev by Date: Re: Undocumented telnet access to Brother HL-2280DW
Next by Date: Testers for typo3-src security update (in particular squeeze packages)
Previous by thread: Re: Undocumented telnet access to Brother HL-2280DW
Next by thread: Re: Undocumented telnet access to Brother HL-2280DW
Index(es):
- Date
- Thread