We covered a difficult scenario of printer exploitation. We first interacted with the printer HP JetDirect running on port 9100 through the printer exploitation framework We discovered an encrypted print job file with AES-CBC for which we found the decryption key using nvram dump in The decrypted version was a PDF file documenting a service running on port 9000 named Feed Engine. To interact with the service, we used grpc tools and created a client script that sends requests through HTTP to the feed engine server. We used the client we created to probe for other internally opened ports and we discovered an Apache solr installation for we which we found an exploit and had the first shell. Privilege escalation was achieved by exploiting a periodically running service that exposes the SSH password and copies files from the machine into a docker container. This was part of HackTheBox Laser

Get OSCP Certificate Notes

Video Walkthrough

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles