General Printer shenanigans:
Malicious PostScript print jobs.
Accepting print jobs via SMBv1 so attack that service.
Accepting print jobs via FTP so attack that service.
Accepting print jobs and config via HTTP/S so attack that service. Recon it if using old openssl vuln to heartbleed.
Accepting print jobs via LPD so attack that service.
Configuration via telnet, default creds or maaaaaybe telnetd vulns? (cleartext creds 4 sure).
Configuration or monitoring via SNMP so recon or attack that service.
Config via SSH so attack that service/default creds.
Accepting print jobs in the form of PDFs via fileshare/upload from the above protocols? Weaponize the pdf.
Gain access and it has a local filesystem? DD to network stream and forensically analyze so see past print jobs.
Image processing lib problems? Malicious print job.
Other rendering/manufacturer specific service vulns? Maybe they didn't patch.
Uses some old java client only compatible with 1.6orwhatever.vulnerable for maintenance or job control? Can you host java attack payload on the printer and pop the requesting host? Perhaps congrats on your new end user/admin host you just pivoted to.
General Printer shenanigans:
Malicious PostScript print jobs.
Accepting print jobs via SMBv1 so attack that service.
Accepting print jobs via FTP so attack that service.
Accepting print jobs and config via HTTP/S so attack that service. Recon it if using old openssl vuln to heartbleed.
Accepting print jobs via LPD so attack that service.
Configuration via telnet, default creds or maaaaaybe telnetd vulns? (cleartext creds 4 sure).
Configuration or monitoring via SNMP so recon or attack that service.
Config via SSH so attack that service/default creds. Accepting print jobs in the form of PDFs via fileshare/upload from the above protocols? Weaponize the pdf.
Gain access and it has a local filesystem? DD to network stream and forensically analyze so see past print jobs.
Image processing lib problems? Malicious print job.
Other rendering/manufacturer specific service vulns? Maybe they didn't patch.
Uses some old java client only compatible with 1.6orwhatever.vulnerable for maintenance or job control? Can you host java attack payload on the printer and pop the requesting host? Perhaps congrats on your new end user/admin host you just pivoted to.