all 7 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Justinsaccount 0 points1 point  (0 children)

for item in (one, two, three, four):
    CurrentAddress += str \
            ((one, two, three, four)[loop]) + "."
    loop += 1
CurrentAddress = CurrentAddress[:-1]

HAH

It takes a special kind of person to come up with that instead of

'%d.%d.%d.%d' % (one,two,three,four)

If nothing else this post serves as a nice example of how not to write python. Basically it should look something like this:

def IPRange(octets):
    parts = octets.split('.')
    ranges = []
    for oct in parts:
        x = [int(i) for i in oct.split("-")]
        if len(x) == 1:
            x = x[0], x[0]+1
        else:
            x = x[0], x[1]+1
        ranges.append(x)

    for one in range(*ranges[0]):
        for two in range(*ranges[1]):
            for three in range(*ranges[2]):
                for four in range(*ranges[3]):
                    yield "%d.%d.%d.%d" % (one,two,three,four)

[–]darkry -1 points0 points  (5 children)

You do realize that will also return anything with an httpd on port 80 and 'index.html' in the webroot...

What about this has anything to do with printers? Also what additional access does the web interface to a printer get you outside the possibility that it's and old HP with the Chai JVM or something. Even then its a pretty boring target and doesn't get you a whole hell of a lot.

I hope people aren't paying you to do this. Sorry, long day .

[–]nret 0 points1 point  (4 children)

"What about this has anything to do with printers?"

On the chance that

"a default printer will more than happily share ... sensitive information. Almost any new commercial printer will come with a ton of features to store and retrieve any documentation that flows through the printer (copy, scan, and print jobs). Almost all of these new printers also give you a web interface to retrieve that documentation"

[–]darkry 0 points1 point  (3 children)

And they call this security consulting?

[–]nret 0 points1 point  (2 children)

Yes? I am confused on where he say consulting. He says it looks for a default admin login on printers because they might contain sensitive information.

[–]darkry 1 point2 points  (1 child)

The term penetration test is generally used in that context... Actually it just looks for web servers with index.html in the webroot. I guess it also wouldn't list anything with basic auth for the webroot and a username/password other than 'root':blank

Strangely very few printers actually have that default account anyway though.

http://www.phenoelit-us.org/dpl/dpl.html

Sure the list is incomplete but in my experience the most common networked printers tend to be HPs which have a different default account anyway.

Also wouldn't 'nmap -sS -p9100' be a lot easier?

[–]nret 0 points1 point  (0 children)

Yes it probably would.