PRAEDA: A Automated Printer Data Harvesting Tool!!!

[firebits]

Exciting times! I wish to stay awake all night long and know whats going on at ShmooCon! Unfortunately, I haven’t been there evar! Anyways, about Praeda, it helps you to leverage Multifunction Printers during penetration tests and gain access to other core network systems! It is a known fact that most printers are left unsecured in an organization with default passwords and sometimes the network interface is open to the internet! This is evident from several of our Shodan Queries and Google Dorks. Incidentally, Praeda means to plunder, spoils of war, booty taken in a war (penetration test in our case!).


By taking advantage of poor printer security and vulnerabilities during penetration testing we are able to harvest a wealth of information from MFP devices including user-names, email addresses, user address books, authentication information including SMB, Email, LDAP passwords, etc. Sometimes, they could also aid you in remote retrieval of prints, faxes, scan copies! Certain printer installations could also allow you to access the HTTP interface, and make a configuration copy! This could allow you to further see the internals! In short, PRAEDA is designed to automate some of the information gathering from network appliances through web-management interfaces such as printers and network appliances.


This open source tool is programmed in Perl and has several modules that focus on almost 28 devices in all! The module to be used is enumerated from the different models of printers using “Title page” and “Server type” responses from the printer management page.


Its required Perl modules are:


LWP::Simple
LWP::UserAgent
HTML::TagParser
URI::Fetch
HTTP::Cookies


Sample syntax:



praeto.pl TARGET_FILE TCP_PORT PROJECT_NAME OUTPUT_FILE



All of the results will create a folder called “project1” and save all information in that folder. Also will create a log file called data-file.log to hold information.


Link: Download Praeda Beta (praeda.tgz.gz)
http://www.foofus.net/~percX/praeda/praeda.tgz


@firebitsbr

[Infad3L]

2'nd this one and there should be a man on now to create new scripts to build out the ability to auto recognize the printers on a network and scrape data....

[furt1maggr3d10r]

Hi,
Interested in trying this so I downloaded and this was the results.. Any idea what went wrong??


root@bt:/home/downloads/praeda/praeda# ./praeda.pl target.lst 80 project1 data-file
Can't locate HTML/TagParser.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at ./praeda.pl line 41.
BEGIN failed--compilation aborted at ./praeda.pl line 41.
root@bt:/home/downloads/praeda/praeda#



\cheers

[spawn]

Please, see at OP Required Perl Modules

Regards,

[furt1maggr3d10r]

Well
When I go to install the modules, after cross checking each name...
Here is the results

root@contego:~# apt-get install libhtml-parser-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
libhtml-parser-perl is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.



Also,

root@contego:~# perl -v

This is perl, v5.10.1 (*) built for x86_64-linux-gnu-thread-multi

Copyright 1987-2009, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.



What am I missing??

cheers

[spawn]

Champion, do the following ....

Code:

# cpan
cpan >  install HTML::TagParser
cpan > install URI::Fetch
cpan > exit

# ./praeda.pl .......

Regards,

[furt1maggr3d10r]

That did the trick. Thanks for the assist and teaching me to fish...


Cheers