Scenario:
Network printer "Scan To Shared Folder" feature.
Network printer IP address: 192.168.0.10
Network printer "Scan To Shared Folder" details:
Network path: \\192.168.0.155\Folder\Subfolder
Login username: aficio
Password:****** Retype Password:******
Based on what stated above, my guessing is that on the 192.168.0.155 host there's certailny an account called aficio
Further details:
Attacker can access the network printer admin web panel
Attacker cannot access host 192.168.0.155
Attacker wants to get aficio's password
Questions:
Would it be possible to retrieve the user aficio's password through PRET (Printer Exploitation Toolkit) or any other software able to interact with the network printer?
I mean, am I right in saying that aficio's password is actually somewhere on the network printer filesystem?
Is network sniffing a valid alternative in order to get the password? I don't think so, since I believe aficio'credentials will reach the endpoint (192.168.0.155) through SSL Is that correct?
Any help will be highly appreciated