
How to hack your Epson printer

In this article, I want to show you why it is not safe to leave devices accessible from a WiFi network. For the experiments, I will be using my new Epson printer, which I bought for the new year. At the end of the article, we will write a simple script that scans your network for Epson printers and, if one is available, sends something to print.

First of all, scan your wireless network with `nmap` for host discovery:


In my case, I already know that my printer is `192.168.1.50`. Scan it for open TCP ports:

As you can see, some ports are open. According to [this Epson FAQ](https://epson.com/faq/SPT_C11CD16201~faq-0000525shared), `631` is used for IPP/IPPS printing, `9100` for network printing, and `515` for forwarding LPR data.

For simplicity, let’s say that if the banner on port `443` contains `EPSON`, it is an Epson printer:

If we scan `192.168.1.50` again for all TCP ports, we find that `1865` is also open; it is used for forwarding scan data from Document Capture Pro and Document Capture.
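As an added example (not code from the original post), here is a defender-side check that reads `nmap` grepable output (`-oG`) and lists which hosts on your network expose the printer service ports named above. The scan output is a constructed sample, and the function names `exposed_printer_ports` and `report` are hypothetical.

```python
import re

# Port purposes as stated in the article (from the Epson FAQ it links).
PRINTER_PORTS = {
    515: "LPR data forwarding",
    631: "IPP/IPPS printing",
    9100: "network printing",
    1865: "scan data forwarding (Document Capture Pro)",
}

# Constructed sample in nmap's grepable (-oG) format; not from a real scan.
SAMPLE_SCAN = """\
# Nmap scan (constructed sample)
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///
Host: 192.168.1.50 ()\tStatus: Up
Host: 192.168.1.50 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 515/open/tcp//printer///, 631/open/tcp//ipp///, 1865/closed/tcp/////, 9100/open/tcp//jetdirect///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s.*?\bPorts:\s+([^\t]*)")

def exposed_printer_ports(grepable):
    """Map each host to the open printer-related TCP ports it exposes."""
    findings = {}
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment, Status line, or a line without a Ports field
        host, ports_field = m.groups()
        for entry in ports_field.split(","):
            # Each entry is port/state/protocol/owner/service/rpc/version/
            parts = entry.strip().split("/")
            if len(parts) < 3 or not parts[0].isdigit():
                continue
            port, state, proto = int(parts[0]), parts[1], parts[2]
            if state == "open" and proto == "tcp" and port in PRINTER_PORTS:
                findings.setdefault(host, []).append(port)
    return findings

def report(findings):
    """Render one line per exposed port, sorted by host and port."""
    return [f"{host}:{port} open - {PRINTER_PORTS[port]}"
            for host, ports in sorted(findings.items()) for port in sorted(ports)]

if __name__ == "__main__":
    print("\n".join(report(exposed_printer_ports(SAMPLE_SCAN))))
```

Each reported line is a port worth restricting, for example by disabling the unused protocol in the printer's settings or by moving the printer to a separate network segment.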

Practical Example

First of all, add a function to determine our own IP address on the wireless network.

Also add a function that scans the whole network for printers and, if it finds any, “hacks” them:

For simplicity, and because this is just an experiment, we only print something via port `9100`. As I wrote earlier, this port is used for network printing.

As you can see, we just import the [python-escpos](https://github.com/python-escpos/python-escpos) library for printing. So the full source code of our script looks something like this (`hack.py`):

As you can see, everything worked perfectly, and our program logic is simple. Of course, this is a simple case and simple “dirty” PoC code. In real life, hackers use vulnerabilities in devices and write some kind of working exploit. For example, some Epson printers are vulnerable:

I hope this post is useful for entry-level cybersec specialists and also for professionals.

Thanks for your time, happy hacking and goodbye! *PS. All drawings and screenshots are mine*