Oh noo....
Did someone forget to change the default credentials on your multifunction printer?!?!?!
Ohhhh nooooo.....
Did someone set up the printer to do email address lookups on active directory?
Hmmm????
Are there stored Domain user service account credentials on this here printer????
Hmmmm???
Well..... since I AMMMMMM administrator on the printer because I looked up the default credentials on the public internet.....
Maybe you wouldn't mind if I changed the IP Address to point from the Domain Controller... to ME!!!!
Hahahaha!!!!
I'm the Domain Controller... I swear.... I even have port 389 open on my hack box... err... Domain Controller. LDAP. Like you like!
And you should do a little... mmm.... "Test Connection".... just to see if you can connect.
Oh what's that?! Your user name is is "PrinterServiceAccount" and your password is "Pr1nt3r$3cr3tP@$$w0rd"
Oh, I'm sorry. You have the wrong place buddy. Why don't you run along....
....while I connect to Active Directory with your username and password....
😈😈😈
@tinker So many enterprises want to exclude printers from pentests. They think "it's too many IPs and you won't gain anything anyway."
I always encourage them to include them for exactly the reasons you say. I've seen domain takeovers from loose printers.
Also, printers tend to print confidential information.
