Praeda – A Automated Printer Data Harvesting Tool. Is a tool we’re developing to better understand the risks associated with multi-function printers, and to help penetration testers gather usable data during security assessment job.
Several new modules were added on September 6 2012. I expect to continue adding modules as they are developed and tested. We have expanded Praeda to include all embedded devices, not just MFPs.
We are now hosting Praeda on Github. This makes rolling out updated patches and modules easier.
You can find a copy of Praeda here.
————————————————————————————————————————————
Oct. 26 2011
So here is another advisory for Toshiba eStudio printer. We have found a number of these type of information leakage vulnerabilities on printers and have found them to be very useful during penetration testing. I have used them on many occasions to gain access to Windows active directory, and a few times even Domain Admin access.
Advisory 10/16/2011 Toshiba eStudio Multifunction Printer Information Leakage .
Keep up on Praeda, Advisories, hacking, and security research follow percX on Twitter @Percent_X
——————————————————————————————————————————–
Oct. 20, 2011
So we found a couple bugs in a few modules. Appears we had an “exit;” where there should have been none, causing Praeda to exit incorrectly. These issues have been fixed and new code uploaded to foofus.net. Current version 0.01.3.1b
So if you come across any bugs while running Praeda please report them ASAP (percx at foofus.net) so we can get them corrected.
We are also interested in any recommendation for improving the output, and of course if you have any modules you have created , or changes you have made to existing modules that just make it all better, please share them!
————————————————————————————————————————————–
Oct. 16, 2011
It has been awhile and it is time to start publishing some of the vulnerabilities found during research and development of Praeda.
Advisory 10/16/2011 Toshiba eStudio Multifunction Printer Authentication Bypass .
I have had limited access to Toshiba eStudio devices lately and would like to request some help. If everyone could test this against their eStudio MFP and send me the model number , firmware level, and whether your device was vulnerable. This would greatly help us with the development of Praeda, and updating the advisory. Results can be emailed to percx at foofus.net.
Keep up on Praeda, Advisories, hacking, and security research follow percX on Twitter @Percent_X