Now that we're at it. I've added an small enhancement for plugin 10172
which retrieves the information from the telnet server of an HP printer
(when no password is configured).
Can anyone test it? It seems the regexp (if ( info >< "JetDirect" ) {)
doesn't work... go wonder.
Regards
Javi
PS: I have just submitted it as Bug 215, just for the record.
http://bugs.nessus.org/show_bug.cgi?id=215
--- /usr/lib/nessus/plugins/passwordless_hp_printer.nasl Mon Mar 3 13:30:07 2003
+++ passwordless_hp_printer.nasl Wed Mar 5 11:56:51 2003
@@ -58,6 +58,7 @@
# The script code starts here
#
+passwordless = 0;
port = 23;
if(get_port_state(port))
{
@@ -69,7 +70,7 @@
set_kb_item(name:"devices/hp_printer", value:TRUE);
buf = recv(socket:soc, length:1024);
buf = tolower(buf);
- if(!("password" >< buf))security_hole(port);
+ if(!("password" >< buf)) passwordless = 1;
}
else {
buf = recv(socket:soc, length:1024, timeout:2);
@@ -77,9 +78,21 @@
if("JetDirect" >< buf)
{
set_kb_item(name:"devices/hp_printer", value:TRUE);
- if(!("password" >< buf))security_hole(port);
+ if(!("password" >< buf)) passwordless = 1;
}
}
+ if ( passwordless ) {
+# Send '/' to retrieve the current settings
+ request = string ("/\r\n");
+ send(socket:soc, data:request);
+ info = recv(socket:soc, length: 1024);
+ if ( info >< "JetDirect" ) {
+ report = string ("It was possible to obtain the remote printer configuration:", info);
+ } else {
+ report = string ("The printer did not answer as expected when sending it '/':", info);
+ }
+ security_hole(port, data:report);
+ }
close(soc);
}
}
This archive was generated by hypermail 2b30 : Wed Mar 05 2003 - 02:04:53 PST