Fun Had With Networks – Shared Printers
So, if you've never read this blog before, quick fact: I have issues with my school's networks. I've been kicked off them before for "SSH brute forcing" a server set up to BE brute forced. I've been denied various requests for accounts being transferred to me due to being a student and the the administration not thinking I need said account. I've had money paid to other people with almost my same name because the administration was too lazy to use my email address.... or something, still not sure how that happened. Moral of the story, there's a lot of annoyances I deal with regarding this network, though its probably mainly my fault for being the way I am.
Now, for the lighter side of things, fun times that can be had with large networks of computers.
At my school you "need" a CD to get on the school network. Meaning, you have to run their CD, and install all its crap to get on. Really, all that it takes is just to register your MAC address, and actually just faking one works as well. But I digress. On this CD is a BUNCH of useless, slow, and annoying software. There's also one feature I like... a printer select utility. This really is nothing, just an easy way to add printers to a computer on the campus network. Typically, the idea is for laptops to find the closest printer... Hackers don't like to use software as intended however, and this is no different.
We've got some really nice printers here, new HPs among others, that are just GORGEOUS print quality. For some odd reason they suck at printing PDFs. It'll take about 10-15s per page to spool up, as opposed to a good page a second on regular text files. So if you do this from a lab, and stand in front of the printer EVERYONE hates you. I've seen 10 page PDFs take up to 5 minutes to print, and there's no smart queueing whereby regular documents could get pumped to a higher priority. Moral of the story you can't print PDFs except at night, and if you want to get yelled at. That is, if you're in the lab. I'll add a printer from a big building near the center of campus from my office last year (a good 15 minute walk), print my PDF, and walk over. By the time I get there I just walk in, pretend to be a computer aide, "check" the printer, take my PDF and walk out. I've wasted none of my time, as I had to walk across campus anyways, and no one knows it was me tieing up the printer.
Same works if someone prints a PDF ahead of you. I had to print an important paper in about 5 minutes, and the girl next to me printed a 20 page PDF. I was quite irked, but just printed a copy to the printer next door, and walked over there to fetch it. Again, my time isn't wasted and no onee's the wiser.
Now, that's just basic stuff, lets have some FUN. All new printers are actually computers, at least the high end ones. They've got JVM (Java virtual machines), RAM, and typically a web server. Also, an easy to get at diagnostics printout from the printer itself, though this can be password protected. Luckily at my school they never protect it, because what does a menu listing show anyways?! Well, for starters its the recon I use to find the goodies. Typcally I'll print one of these out to find the quickest route to a configuration printout, which is the next thing I print. Once I have that, I've got a wealth of information, including (my favorite) the IP and if its got a web server running. If it does, one can log right into that and get much more information. Most times there's no password set, and there's a direct print option from this pane. Why do i care about that? Because if I go over my print allotment (printing any other way deducts from my print allotment) I have to pay $.10 per page. Here's a way I can print directly to any printer on campus without paying a thing... *shh* don't tell anyone.
Now, lessons to be learned from this? For network users it would be that the admins might give you more power than they think. Do not abuse this power (i.e. printing a bunch of blank pages, or a PDF of all black pages to be an annoyance to the campus) because that's just immature. But do a little exploration and find oout what's available to you if you just *have* to get a certain paper in and something goes horribly wrong.
For network admins it would be that you need to make sure you know what you're giving your users access to. Yea, your new printer is cool, and it has no password because you either want access to that without memorizing a certain password, or just didn't know it was available, but now you have a huge hole in your network. If its got a processor, it can spread a virus, and these things even have a JVM which can be oh so fun.
March 16th, 2007 at 4:30 pm
I discovered something similar with the U of Arizona network a few years back. We somehow cobbled together a list of what we guessed amounted to >75% of the HP printers on campus.
It was then confirmed that almost none of them had any sort of password protection and would accept print requests over normal TCP/IP. This meant that I could sit at home and print stuff out on my desk at work, etc…
It also meant that we figured out how to anonymously and simultaneously bomb every one of the printers on our little list of love with randomly selected Shakespearean sonnets. Not that we ever pushed the button… except on our own network, and then only to test that it worked… but yeah.
And that’s w/o running Java apps on the printer