First post here, so be gentle.
Over the past couple weeks I set myself a little challenge to write a little script which would
look for network printers > compare model info with default credentials info and or brute force http logins > nmap and log the ip w/ verbose but general information > also checkup on them once a week to see if creds still worked > finally store all this information locally in quite well formatted text files as well as a mysql db
I did this on the 22nd of September 2013 and am going to finish tomorrow (22nd October, local time) I've checked logs and it appears I've ended up with about ~9,500 network printers and their current creds which makes for a 49mb text file.
My question is what can or should I do with this, personally it was just a project and I'm not looking to harm anyone so if it was valuable for learning I'd like to share it but at the same time theres an obvious risk of someone just hacking the whole network and effecting a lot of people.
I even had the idea to print of a sheet to each of the printers explaining this and advising them to change their passwords.
Or maybe setup some mini network or something although I have no real network admin experience.
Are there any places where this type of harmless but sensitive information is stored in a friendly environment?
I just turned the system off.
Below are some fun facts I got from the test, I'm also going to write this up in a more complete and formal fashion and release it at a later date.
~3,000 appear to have had their password changed from the default one to either 'password', 'admin', 'administrator', 'syspass' or 'sekret'. This is just plain stupid.
~1,800 appear to have already been hacked / going off the fact they had 'hack' and or 'b*tch' in the printer name, I assume the owner did not assign this.
~400 appear to be disliked as they had 'Stupid', 'Sh*t' and or 'Dumb' in the printers name, I assume the manufacturer did not assign this.
12 had 'brod' in the printer name
Edited by brod, 22 October 2013 - 01:47 AM.