hacktricks/network-services-pentesting/9100-pjl.md



<details>

<summary><strong>Support HackTricks and get benefits!</strong></summary>

Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!

Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)

Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)

**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**

**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**

</details>


# Basic Information

Raw printing is what we define as the process of making a connection to port 9100/tcp of a network printer. It is the default method used by CUPS and the Windows printing architecture to communicate with network printers as it is considered as ‘_the simplest, fastest, and generally the most reliable network protocol used for printers_’. Raw port 9100 printing, also referred to as JetDirect, AppSocket or PDL-datastream actually **is not a printing protocol by itself**. Instead **all data sent is directly processed by the printing device**, just like a parallel connection over TCP. In contrast to LPD, IPP and SMB, this can send direct feedback to the client, including status and error messages. Such a **bidirectional channel** gives us direct **access** to **results** of **PJL**, **PostScript** or **PCL** commands. Therefore raw port 9100 printing – which is supported by almost any network printer – is used as the channel for security analysis with PRET and PFT. (From [here](http://hacking-printers.net/wiki/index.php/Port\_9100\_printing))

If you want to learn more about [**hacking printers read this page**](pentesting-printers/).

**Default port:** 9100

```
9100/tcp open  jetdirect
```

# Enumeration

## Manual

```bash
nc -vn <IP> 9100
@PJL INFO STATUS      #CODE=40000   DISPLAY="Sleep"   ONLINE=TRUE
@PJL INFO ID          # ID (Brand an version): Brother HL-L2360D series:84U-F75:Ver.b.26
@PJL INFO PRODINFO    #Product info
@PJL FSDIRLIST NAME="0:\" ENTRY=1 COUNT=65535  #List dir
@PJL INFO VARIABLES   #Env variales
@PJL INFO FILESYS     #?
@PJL INFO TIMEOUT     #Timeout variables
@PJL RDYMSG           #Ready message
@PJL FSINIT  
@PJL FSDIRLIST
@PJL FSUPLOAD         #Useful to upload a file
@PJL FSDOWNLOAD       #Useful to download a file
@PJL FSDELETE         #Useful to delete a file
```

## Automatic

```bash
nmap -sV --script pjl-ready-message -p <PORT> <IP>
```

```bash
msf> use auxiliary/scanner/printer/printer_env_vars
msf> use auxiliary/scanner/printer/printer_list_dir
msf> use auxiliary/scanner/printer/printer_list_volumes
msf> use auxiliary/scanner/printer/printer_ready_message
msf> use auxiliary/scanner/printer/printer_version_info
msf> use auxiliary/scanner/printer/printer_download_file
msf> use auxiliary/scanner/printer/printer_upload_file
msf> use auxiliary/scanner/printer/printer_delete_file
```

## Printers Hacking tool

This is the tool you want to use to abuse printers:

{% embed url="https://github.com/RUB-NDS/PRET" %}

## Hacking Printers best reference

{% embed url="https://hacking-printers.net/wiki/index.php/File_system_access" %}

# **Shodan**

* `pjl port:9100`


<details>

<summary><strong>Support HackTricks and get benefits!</strong></summary>

Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!

Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)

Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)

**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**

**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**

</details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								<details>
 								<summary><strong>Support HackTricks and get benefits!</strong></summary>
 								Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 								Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 								Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 								**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
 								**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
 								</details>
-												fix mess 2

											
										
										
											2022-05-01 12:49:36 +00:00
+								# Basic Information
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#2876] save

											
										
										
											2021-11-30 16:46:07 +00:00
+								Raw printing is what we define as the process of making a connection to port 9100/tcp of a network printer. It is the default method used by CUPS and the Windows printing architecture to communicate with network printers as it is considered as ‘_the simplest, fastest, and generally the most reliable network protocol used for printers_’. Raw port 9100 printing, also referred to as JetDirect, AppSocket or PDL-datastream actually **is not a printing protocol by itself**. Instead **all data sent is directly processed by the printing device**, just like a parallel connection over TCP. In contrast to LPD, IPP and SMB, this can send direct feedback to the client, including status and error messages. Such a **bidirectional channel** gives us direct **access** to **results** of **PJL**, **PostScript** or **PCL** commands. Therefore raw port 9100 printing – which is supported by almost any network printer – is used as the channel for security analysis with PRET and PFT. (From [here](http://hacking-printers.net/wiki/index.php/Port\_9100\_printing))
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
 								If you want to learn more about [**hacking printers read this page**](pentesting-printers/).
 								**Default port:** 9100
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+/tcp open  jetdirect
 								```
-												fix mess 2

											
										
										
											2022-05-01 12:49:36 +00:00
+								# Enumeration
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												fix mess 2

											
										
										
											2022-05-01 12:49:36 +00:00
+								## Manual
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
 								```bash
 								nc -vn <IP> 9100
 								@PJL INFO STATUS      #CODE=40000   DISPLAY="Sleep"   ONLINE=TRUE
 								@PJL INFO ID          # ID (Brand an version): Brother HL-L2360D series:84U-F75:Ver.b.26
 								@PJL INFO PRODINFO    #Product info
 								@PJL FSDIRLIST NAME="0:\" ENTRY=1 COUNT=65535  #List dir
 								@PJL INFO VARIABLES   #Env variales
 								@PJL INFO FILESYS     #?
 								@PJL INFO TIMEOUT     #Timeout variables
 								@PJL RDYMSG           #Ready message
 								@PJL FSINIT
 								@PJL FSDIRLIST
 								@PJL FSUPLOAD         #Useful to upload a file
 								@PJL FSDOWNLOAD       #Useful to download a file
 								@PJL FSDELETE         #Useful to delete a file
 								```
-												fix mess 2

											
										
										
											2022-05-01 12:49:36 +00:00
+								## Automatic
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
 								```bash
 								nmap -sV --script pjl-ready-message -p <PORT> <IP>
 								```
 								```bash
 								msf> use auxiliary/scanner/printer/printer_env_vars
 								msf> use auxiliary/scanner/printer/printer_list_dir
 								msf> use auxiliary/scanner/printer/printer_list_volumes
 								msf> use auxiliary/scanner/printer/printer_ready_message
 								msf> use auxiliary/scanner/printer/printer_version_info
 								msf> use auxiliary/scanner/printer/printer_download_file
 								msf> use auxiliary/scanner/printer/printer_upload_file
 								msf> use auxiliary/scanner/printer/printer_delete_file
 								```
-												fix mess 2

											
										
										
											2022-05-01 12:49:36 +00:00
+								## Printers Hacking tool
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
 								This is the tool you want to use to abuse printers:
 								{% embed url="https://github.com/RUB-NDS/PRET" %}
-												fix mess 2

											
										
										
											2022-05-01 12:49:36 +00:00
+								## Hacking Printers best reference
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% embed url="https://hacking-printers.net/wiki/index.php/File_system_access" %}
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												fix mess 2

											
										
										
											2022-05-01 12:49:36 +00:00
+								# **Shodan**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [master] one page modified
											
										
										
											2020-09-22 21:18:17 +00:00
+								* `pjl port:9100`
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								<details>
 								<summary><strong>Support HackTricks and get benefits!</strong></summary>
 								Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 								Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 								Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 								**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
 								**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
 								</details>