We covered a printer exploitation scenario where we started with telnet protocol then we used SNMP to grab the hex representation of the password through a vulnerability that targeted HP JetDirect printers. We got a telnet shell and from there we used the available commands to spawn a reverse shell along with Metasploit. We discovered a local printing service running on port 631 which as a vulnerability that enables full ability to read any file on the target system. We used Metasploit portforwarding to be able to access and interact with this service (CUPS 1.6.1). This was part of HackTheBox Antique
Video Walkthrough
Show Comments