PRinter Exploitatin Toolkit (PRET)

Repo: GitHub

Get Connected

Usage: ./pret.py <target_ip> <ps|pjl|pcl>

If you know which protocol (ps, pjl, or pcl) is supported by the printer, try that first. Otherwise just try all 3 real quick until you get a shell on the printer.

Basic, key commands

help   # list commands
id     # display name
status # display console data
ls     # list file system contents
get    # download a file

The Print Queue

ls
ls pjl
ls pjl/jobs
cat pjl/jobs/queue

Are things encrypted?

info variables     # check to see which encryption mode is enabled
nvram dump         # dump the nvram of the printer, which likely has the encryption key

If an IV is required for decryption, pay attention to the encryption mode. Probably at/towards the beginning of the crypto block, maybe preceded by a length.

xxd file | head -5     # take a look at the first few lines of the file
                       # an IV is likely to be random (i.e. not a lot of 0x00)

How is the printer setup?

info          # list info categories available
info config   # Look at the current configuration of the printer