D4stiny
commented
5 years ago I have determined a partial issue that may or may not be related to the error. Let's say I'm retrieving the "/" folder. This is the packet sent:
.%-12345X@PJL FSDIRLIST NAME="0:/" ENTRY=1 COUNT=65535
@PJL ECHO DELIMITER15397
.%-12345XHowever, this is the packet response:
@PJL ECHO DELIMITER15397
.@PJL FSDIRLIST NAME="0:/" ENTRY=1
...The issue is that the delimiter is being placed on the top of the response, cutting off everything after it.
killzhack
Hello there, I connected to a vulnerable printer at port 9100 using the PJL protocol and was confused by the fact that ls changed its output for the same directory. For example, I'd do "ls /", and get the right output. Then I do ls /somefolder and get the contents for /. Then I do ls /somefolder/someotherfolder and I get the contents for /somefolder.
I thought maybe the previous directory could have just been the / folder, so I investigated in wireshark. Filtering for port TCP 9100, I followed the TCP stream.
When I did "ls /somefolder", the client sent out the right packet:
and the server responded properly with the contents of /somefolder:
however, this is what the client showed:
even though that is the contents of the / folder. Next when I did ls /somefolder/data (using the output in wireshark):
and again, correct response:
this is the output:
Hopefully you can see the problem.