Results 1 to 7 of 7

Thread: PRAEDA: A Automated Printer Data Harvesting Tool!!!

  1. #1
    Moderator firebits's Avatar
    Join Date
    Mar 2010
    Location
    Brazil
    Posts
    353

    Lightbulb PRAEDA: A Automated Printer Data Harvesting Tool!!!

    Exciting times! I wish to stay awake all night long and know whats going on at ShmooCon! Unfortunately, I haven’t been there evar! Anyways, about Praeda, it helps you to leverage Multifunction Printers during penetration tests and gain access to other core network systems! It is a known fact that most printers are left unsecured in an organization with default passwords and sometimes the network interface is open to the internet! This is evident from several of our Shodan Queries and Google Dorks. Incidentally, Praeda means to plunder, spoils of war, booty taken in a war (penetration test in our case!).


    By taking advantage of poor printer security and vulnerabilities during penetration testing we are able to harvest a wealth of information from MFP devices including user-names, email addresses, user address books, authentication information including SMB, Email, LDAP passwords, etc. Sometimes, they could also aid you in remote retrieval of prints, faxes, scan copies! Certain printer installations could also allow you to access the HTTP interface, and make a configuration copy! This could allow you to further see the internals! In short, PRAEDA is designed to automate some of the information gathering from network appliances through web-management interfaces such as printers and network appliances.


    This open source tool is programmed in Perl and has several modules that focus on almost 28 devices in all! The module to be used is enumerated from the different models of printers using “Title page” and “Server type” responses from the printer management page.


    Its required Perl modules are:


    LWP::Simple
    LWP::UserAgent
    HTML::TagParser
    URI::Fetch
    HTTP::Cookies


    Sample syntax:



    praeto.pl TARGET_FILE TCP_PORT PROJECT_NAME OUTPUT_FILE



    All of the results will create a folder called “project1” and save all information in that folder. Also will create a log file called data-file.log to hold information.


    Link: Download Praeda Beta (praeda.tgz.gz)
    http://www.foofus.net/~percX/praeda/praeda.tgz


    @firebitsbr

  2. #2
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    2

    Default Re: PRAEDA: A Automated Printer Data Harvesting Tool!!!

    2'nd this one and there should be a man on now to create new scripts to build out the ability to auto recognize the printers on a network and scrape data....

  3. #3
    Junior Member furt1maggr3d10r's Avatar
    Join Date
    Nov 2010
    Posts
    39

    Default Re: PRAEDA: A Automated Printer Data Harvesting Tool!!!

    Hi,
    Interested in trying this so I downloaded and this was the results.. Any idea what went wrong??


    root@bt:/home/downloads/praeda/praeda# ./praeda.pl target.lst 80 project1 data-file
    Can't locate HTML/TagParser.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at ./praeda.pl line 41.
    BEGIN failed--compilation aborted at ./praeda.pl line 41.
    root@bt:/home/downloads/praeda/praeda#



    \cheers

  4. #4
    Good friend of the forums spawn's Avatar
    Join Date
    Jan 2010
    Posts
    280

    Default Re: PRAEDA: A Automated Printer Data Harvesting Tool!!!

    Please, see at OP Required Perl Modules

    Regards,
    "If you aim the gun at your foot and pull the trigger, it's
    UNIX's job to ensure reliable delivery of the bullet to
    where you aimed the gun (in this case, Mr. Foot)."

  5. #5
    Junior Member furt1maggr3d10r's Avatar
    Join Date
    Nov 2010
    Posts
    39

    Default Re: PRAEDA: A Automated Printer Data Harvesting Tool!!!

    Well
    When I go to install the modules, after cross checking each name...
    Here is the results

    root@contego:~# apt-get install libhtml-parser-perl
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    libhtml-parser-perl is already the newest version.
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.



    Also,

    root@contego:~# perl -v

    This is perl, v5.10.1 (*) built for x86_64-linux-gnu-thread-multi

    Copyright 1987-2009, Larry Wall

    Perl may be copied only under the terms of either the Artistic License or the
    GNU General Public License, which may be found in the Perl 5 source kit.

    Complete documentation for Perl, including FAQ lists, should be found on
    this system using "man perl" or "perldoc perl". If you have access to the
    Internet, point your browser at http://www.perl.org/, the Perl Home Page.



    What am I missing??

    cheers
    Last edited by furt1maggr3d10r; 07-24-2011 at 10:48 PM.

  6. #6
    Good friend of the forums spawn's Avatar
    Join Date
    Jan 2010
    Posts
    280

    Default Re: PRAEDA: A Automated Printer Data Harvesting Tool!!!

    Champion, do the following ....

    Code:
    # cpan
    cpan >  install HTML::TagParser
    cpan > install URI::Fetch
    cpan > exit
    
    # ./praeda.pl .......
    Regards,
    "If you aim the gun at your foot and pull the trigger, it's
    UNIX's job to ensure reliable delivery of the bullet to
    where you aimed the gun (in this case, Mr. Foot)."

  7. #7
    Junior Member furt1maggr3d10r's Avatar
    Join Date
    Nov 2010
    Posts
    39

    Default Re: PRAEDA: A Automated Printer Data Harvesting Tool!!!

    That did the trick. Thanks for the assist and teaching me to fish...


    Cheers

Similar Threads

  1. outfox.c - a tool for dumping firefox cache data
    By c0rruption in forum Tool Requests
    Replies: 3
    Last Post: 04-21-2011, 01:25 AM
  2. Replies: 0
    Last Post: 12-07-2010, 07:29 PM
  3. automated tool to get subdomains for a traget domain
    By HACK-IT in forum OLD Newbie Area
    Replies: 7
    Last Post: 03-04-2010, 09:22 AM
  4. Automated DoS Audit tool against IP Appliance
    By nekkro-kvlt in forum OLD Pentesting
    Replies: 4
    Last Post: 09-12-2009, 08:04 AM
  5. {Data Forensics}AIR - Automated Image and Restore
    By thepretender84 in forum OLD BT4 Feature Requests
    Replies: 2
    Last Post: 04-23-2009, 03:10 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •