From Hacking Printers
Jump to: navigation, search
Printing over SMB

Server Message Block (SMB) is an application-layer network protocol for file and printer sharing originally developed by IBM in the mid-80s. It is the default method used by Windows based computers to share files and printers [1]. A free implementation is available with the Samba project. Some network printers bring their own SMB server – usually running on port 445/tcp – which, just like to LPD, IPP and raw port 9100 printing, can be abused as a carrier for malicious PostScript or PJL files. In the Windows world, printing directly (without any ‘printer drivers’ interfering and converting the file) to a shared printer can be done as follows:

C:\> copy /b file \\server\share

...where server is either the printer itself, if it supports direct printing over SMB, or a separate computer system connected to the device and share is the name of the printer share. In the UNIX world, directly sending a file to an SMB printer share can be achived with the smbclient or the smbspool command from the samba(7) suite:

smbclient [-N|-U user] //server/share -c "print file"
smbspool smb://[user:pass]@server/share 0 user title 1 "" file

Related articles: Fundamentals, Attack carriers

  1. Common Internet File System, Microsoft TechNet Library