In this writeup I will show you how I solved the Wander challenge from HackTheBox. The challenge is an easy Hardware challenge. Let’s start!
Initial Analysis
The only thing HTB provides is an IP address and its port, so first of all we can paste the IP address into our browser and see what happens. This is what we get:
OK, now we have to explore the website a bit to see if there is something interesting; maybe we can find some hidden directories or something like that. By clicking on the Job Controls we will be redirected to a new page:
PJL Commands
I had never read about @PJL commands, so I searched a bit on Google and found this link that explains what they are. Basically they are commands that can be used to control the printer. These are the most common commands:
Let’s try to use some of them to explore the server’s filesystem. First of all we can try to use the FSDIRLIST command to list the content of the current directory:
@PJL FSDIRLIST NAME="0:" ENTRY=1
Next, if we want to view the parent directory, we can use this command:
@PJL FSDIRLIST NAME="0:/../" ENTRY=1
Now we can see that the home directory is listed; maybe there is something interesting inside it. Let’s try to list its content:
@PJL FSDIRLIST NAME="0:/../home/" ENTRY=1
The default directory seems interesting, so let’s try to list its content:
@PJL FSDIRLIST NAME="0:/../home/default" ENTRY=1
Inside the default directory there is a file called readyjob, and we need to see its content. To do that we can use the FSUPLOAD command in this way:
@PJL FSUPLOAD NAME="0:/../home/default/readyjob"
We made it! Now we have the flag:
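From the defender's side, the commands used above share one signature: a PJL file system command whose NAME argument climbs out of volume 0: with "..". The following Python code is an added example, not part of the original writeup or the challenge; the function names and the sample job text are constructed for illustration, and it flags such commands in captured print-job data.

```python
import re

# PJL file system commands (HP PJL Technical Reference).
FS_COMMANDS = {"FSAPPEND", "FSDELETE", "FSDIRLIST", "FSDOWNLOAD",
               "FSINIT", "FSMKDIR", "FSQUERY", "FSUPLOAD"}
PJL_LINE = re.compile(r'^@PJL\s+(?P<cmd>[A-Z]+)\b(?P<args>.*)$', re.IGNORECASE)
NAME_ARG = re.compile(r'NAME\s*=\s*"(?P<name>[^"]*)"', re.IGNORECASE)


def escapes_volume(name):
    """True if a PJL path such as 0:/../home climbs above its volume root."""
    path = name.partition(":")[2] if ":" in name else name
    depth = 0
    for part in path.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:      # went above the volume root
                return True
        else:
            depth += 1
    return False


def audit_pjl(job_text):
    """Return (line_no, command, name, verdict) for each PJL file system command."""
    findings = []
    for no, line in enumerate(job_text.splitlines(), 1):
        m = PJL_LINE.match(line.strip())
        if not m or m.group("cmd").upper() not in FS_COMMANDS:
            continue           # ordinary job-control line, not a file system command
        n = NAME_ARG.search(m.group("args"))
        name = n.group("name") if n else ""
        verdict = "traversal" if escapes_volume(name) else "fs-access"
        findings.append((no, m.group("cmd").upper(), name, verdict))
    return findings


# Constructed sample: commands from this writeup next to an ordinary PJL line.
SAMPLE = '''@PJL INFO ID
@PJL FSDIRLIST NAME="0:" ENTRY=1
@PJL FSDIRLIST NAME="0:/../" ENTRY=1
@PJL FSUPLOAD NAME="0:/../home/default/readyjob"
'''

if __name__ == "__main__":
    print(*audit_pjl(SAMPLE), sep="\n")
```

Any "traversal" verdict on a printer that exposes raw PJL to the network is a sign that file system access should be restricted on the device or the port filtered.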