Here is how the entire #pewdiepie printer hack went down:



1. I was bored after playing Destiny 2 for a continous 4 hours, and decided I wanted to hack something. So I thought of any vulnerable protocols I could find on shodan



(1/)

2. While playing around on Shodan, the idea came to me that maybe I can hack printers around the world to print something, I didn't know what at the time. After learning about the three different printing protocols (IPP, LPD, JetDirect), I went and searched those ports on shodan.

3. I was horrified to see over 800,000 results show up in total. I was baffled, but determined to try and fix this. So I picked the first 50,000 printers I found running on port 9100 and downloaded the list off shodan.

4. Now I had to think...What to print? It didn't take me long to realize that the most perfect thing to print would be a message supporting our dear overlord @pewdiepie himself! And so I opened up my text editor and typed up the following note: https://pastebin.com/ASuKK3qL

5. Now: I needed a tool that lets me connect to printers on this port and print...a google search and I stumbled across PRET ( https://github.com/RUB-NDS/PRET ) that fulfilled all my hopes and dreams...but also my nightmares.

5 (continued). PRET had the scariest of features. Ability to access files, damage the printer, access the internal network...things that could really cause damage. So I had to do this, to at least help organizations and people that can protect themselves.

6. I typed up the following bash script which ironically can fit in a tweet:



#!/bin/bash

while read -r line; do

ip="$line"

torify ./PRET/pret.py $ip pjl -q -i ./commands.txt

done < "./potential_bros.txt"

6 (cont.) Now what this script does, is simply take my input (potential_bros.txt) and loop through every line, running PRET against that IP with the commands in commands.txt

7. Commands.txt contains the following:



print ./message.pdf

display HACKED

quit



That's literally it.

8. Uploaded the script onto my server, opened a tmux session, ran the script in there and left it running. Came back to check Thursday night and just seeing the first person to be hacked by this made my entire week.





This was the tweet that made me know that this, this was serious.

I left the script running, made this twitter account, made u/TheHackerGiraffe, and waited for people to hit me up. and that's where I'm at now.

Here's how the attack looked like on my server: https://imgur.com/0UE9kdn

Any questions?

You can follow @0xGiraffe.

Share this thread

Bookmark

____

Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.



Enjoy Threader? Sign up.



Since you’re here...



... we’re asking visitors like you to make a contribution to support this independent project. In these uncertain times, access to information is vital. Threader gets 1,000,000+ visits a month and our iOS Twitter client was featured as an App of the Day by Apple. Your financial support will help two developers to keep working on this app. Everyone’s contribution, big or small, is so valuable. Support Threader by becoming premium or by donating on PayPal. Thank you.



Download Threader on iOS.