PRET - Printer Exploitation Toolkit.

PRET – Printer Exploitation Toolkit.

The Printer Exploitation Toolkit (PRET) is a Python tool developed at the University of Bochum to automate most attacks presented in this wiki. It connects to a printing device via network or USB and allows penetration testers to exploit a large variety of bugs and features in PostScript, PJL and PCL, including temporary and physical denial of service attacks, resetting the device to factory defaults, print job manipulation and retention, access to a printer’s memory and file system as well as password cracking.

The main idea of PRET is to facilitate the communication between the end-user and the printer. Thus, after entering a UNIX-like command, PRET translates it to PostScript, PJL or PCL, sends it to the printer, evaluates the result and translates it back to a user-friendly format. PRET offers a whole bunch of commands useful for printer attacks and fuzzing.

PRET – Printer Exploitation Toolkit.

Attack type:
* Denial of service:
+-+ Transmission channel
+-+ Document processing
+-+ Physical damage

* Privilege escalation:
+-+ Factory defaults
+-+ Accounting bypass
+-+ Fax and Scanner

* Print job access:
+-+ Print job retention
+-+ Print job manipulation

* Information disclosure:
+-+ Memory access
+-+ File system access
+-+ Credential disclosure

* Code execution:
+-+ Buffer overflows
+-+ Firmware updates
+-+ Software packages

– ImageMagick & ghostscript
– Python 2.7.x

Usage and install from source: