
What to do with sensitive but harmless logs?

network printers logs harmless information sensitive

4 replies to this topic

#1 brod

brod

    Will I break 10 posts?

  • Members
  • 6 posts
  • Country:
  • Gender:Male
  • Location:Melbourne

Posted 21 October 2013 - 03:46 AM

Hey guys,

 

First post here, so be gentle.

 

Over the past couple weeks I set myself a little challenge to write a little script which would:

look for network printers > compare model info with default credentials info and/or brute force HTTP logins > nmap and log the IP w/ verbose but general information > also check up on them once a week to see if creds still worked > finally store all this information locally in quite well formatted text files as well as a MySQL DB

 

I did this on the 22nd of September 2013 and am going to finish tomorrow (22nd October, local time). I've checked logs and it appears I've ended up with about ~9,500 network printers and their current creds, which makes for a 49 MB text file.

 

My question is: what can or should I do with this? Personally, it was just a project and I'm not looking to harm anyone, so if it was valuable for learning I'd like to share it, but at the same time there's an obvious risk of someone just hacking the whole network and affecting a lot of people.

I even had the idea to print off a sheet to each of the printers explaining this and advising them to change their passwords.

Or maybe set up some mini network or something, although I have no real network admin experience.

 

Are there any places where this type of harmless but sensitive information is stored in a friendly environment?

 

Thanks,

Brod.

 

EDIT:

I just turned the system off.

Below are some fun facts I got from the test, I'm also going to write this up in a more complete and formal fashion and release it at a later date.

 

Fun Facts

~3,000 appear to have had their password changed from the default one to either 'password', 'admin', 'administrator', 'syspass' or 'sekret'. This is just plain stupid.

~1,800 appear to have already been hacked / going off the fact they had 'hack' and/or 'b*tch' in the printer name, I assume the owner did not assign this.

~400 appear to be disliked as they had 'Stupid', 'Sh*t' and/or 'Dumb' in the printer's name, I assume the manufacturer did not assign this.

12 had 'brod' in the printer name :)


Edited by brod, 22 October 2013 - 01:47 AM.


#2 systems_glitch

systems_glitch

    Dangerous free thinker

  • Moderating Team
  • 1,669 posts
  • Gender:Male

Posted 21 October 2013 - 08:29 AM

Wow, are these on the public Internet, or do you just have access to an exceptionally large corporate network?! Printers are often overlooked as security holes in a network, pretty cool to see an actual experiment done en masse.

 

If you let every single entity that owns a compromised printer know that you were able to gain access to their printers as part of a study, you will almost certainly have someone who gets pissed and tries to get you in trouble. Since everything is CFAA here in the US, it would be an exceptionally bad idea here. Don't know what the rules are like down under, tho.

 

Your best bet, if you want to publish something without inviting the wrath of the subjects of your actual study, would be to write up your methodology, the data you collected, and your interpretation of the results. Then you can submit your paper to various publications, get the information out there, and hopefully stay under the radar. 2600 would probably get you the most hacker readership if you're looking to publish in an actual publication.



#3 brod


Posted 21 October 2013 - 03:49 PM

Geez, thanks for the info systems_glitch.

 

To confirm, these are on the public network and the whole test was done off an Arduino so obviously the time spent and resources used could be improved upon to gain even more results, not to mention a smarter / faster algorithm.

 

I read a post on Irongeek about them which originally caught my attention, and thought it'd be fun to see how many I could 'compromise'.

 

I've never properly published anything of significance so I might need to research that too, thank you again for the pointers.

 

On a side note, I'm not in the 'hacker' scene exactly, although the majority of websites I find of any value are all very Web 1.0 in design - like it's the year 2000... Is there any reason for this?

 

Brod.



#4 systems_glitch


Posted 22 October 2013 - 08:14 AM

You used an Arduino to do it? Definitely write it up. That's a very low CPU power platform to run an automated scan from. Several of us have had articles published in print form, so if you want help/reviews/etc. just ask!

 

I think everything still looks "Web 1.0" because it's been around since then and it still works. Personally, I don't have the time to put into making my personal site "Web 2.0," and at the end of the day, the information is still in a readable form. The cobbler's kids do in fact go barefoot sometimes!



#5 brod


Posted 22 October 2013 - 04:27 PM

Entirely, the MySQL database was hosted on my computer but the rest was done by Adriun (my Arduino's name), although I'll be moving to Raspberry Pi for any future endeavours. I've never used Arduino and this was also used as a learning curve/challenge.
I'll google up on 'how to write a paper' but probably be back for some advice.

I kind of guessed it was to do with that, thanks.

Edited by brod, 22 October 2013 - 05:15 PM.




