Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Unauthorized HP office pro printer

By kannthu

High
Vidoc logoVidoc Module
#hp#iot#unauth
Description

Unauthorized HP Office Pro Printer

What is the "Unauthorized HP Office Pro Printer?"

The "Unauthorized HP Office Pro Printer" module is designed to detect unauthorized access to HP Officejet Pro printers. It targets the HP Officejet Pro and HP Designjet series of printers. This module is classified as high severity, indicating the potential for significant security risks.

This module was authored by pussycat0x and r3naissance.

Impact

If unauthorized access is detected, it could lead to potential security breaches and compromise the confidentiality, integrity, and availability of the printer and its connected network.

How the module works?

The module works by sending an HTTP GET request to the "/hp/device/webAccess/index.htm?content=security" path of the targeted HP Officejet Pro printer. It then applies two matching conditions to determine if unauthorized access is present:

    - The module checks if the response HTML contains the title tag with the text "HP Officejet Pro" or "HP Designjet". This is done using a regular expression match. - The module verifies if the response status code is 200, indicating a successful request.

If both conditions are met, the module reports a vulnerability, indicating unauthorized access to the HP Officejet Pro printer.

Example HTTP request:

GET /hp/device/webAccess/index.htm?content=security

The module then analyzes the response to determine if the printer is an HP Officejet Pro or HP Designjet model and reports the vulnerability accordingly.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/hp/device/webAccess...
Matching conditions
regex: <title>(HP Officejet Pro([ 0-9A-Za-z]+)|...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability