Unsolved Scanning Domain for Shared Printers

DustinB3403

Has anyone had to do something like this? With the recent PrintNightmare vulnerability, we're obviously patching our systems, but we're also implementing some changes via GPO to force trusted print servers to be used, only.

What I am trying to sort out is a way to scan every system in a domain and see if it has a printer that is shared, specifically systems without the Printer sharing role installed (workstations, random servers etc).

This is a very rough hit for what I have, so I'm not sure if it actually would work. When I run it I'm getting a quota violation.

Import-Module ActiveDirectory
$comp = Get-ADComputer -Filter 'ObjectClass -eq "Computer"' | select -ExpandProperty DNSHostName
Get-Printer -ComputerName -Filter $comp  | where Shared -eq $True

syko24

@dustinb3403 said in Scanning Domain for Shared Printers:

Has anyone had to do something like this? With the recent PrintNightmare vulnerability, we're obviously patching our systems, but we're also implementing some changes via GPO to force trusted print servers to be used, only.

What I am trying to sort out is a way to scan every system in a domain and see if it has a printer that is shared, specifically systems without the Printer sharing role installed (workstations, random servers etc).

This is a very rough hit for what I have, so I'm not sure if it actually would work. When I run it I'm getting a quota violation.

Import-Module ActiveDirectory
$comp = Get-ADComputer -Filter 'ObjectClass -eq "Computer"' | select -ExpandProperty DNSHostName
Get-Printer -ComputerName -Filter $comp  | where Shared -eq $True

While this may not cover everything you are looking for, Advanced IP Scanner will show all shared folders and printers on all systems on the network.

https://www.advanced-ip-scanner.com

DustinB3403

@syko24 said in Scanning Domain for Shared Printers:

@dustinb3403 said in Scanning Domain for Shared Printers:

Has anyone had to do something like this? With the recent PrintNightmare vulnerability, we're obviously patching our systems, but we're also implementing some changes via GPO to force trusted print servers to be used, only.

What I am trying to sort out is a way to scan every system in a domain and see if it has a printer that is shared, specifically systems without the Printer sharing role installed (workstations, random servers etc).

This is a very rough hit for what I have, so I'm not sure if it actually would work. When I run it I'm getting a quota violation.

Import-Module ActiveDirectory
$comp = Get-ADComputer -Filter 'ObjectClass -eq "Computer"' | select -ExpandProperty DNSHostName
Get-Printer -ComputerName -Filter $comp  | where Shared -eq $True

While this may not cover everything you are looking for, Advanced IP Scanner will show all shared folders and printers on all systems on the network.

https://www.advanced-ip-scanner.com

That shows you the device type your scanning, not the host of the printer, ie some windows system.

I thought of it beforehand.

syko24

@dustinb3403 said in Scanning Domain for Shared Printers:

@syko24 said in Scanning Domain for Shared Printers:

@dustinb3403 said in Scanning Domain for Shared Printers:

Has anyone had to do something like this? With the recent PrintNightmare vulnerability, we're obviously patching our systems, but we're also implementing some changes via GPO to force trusted print servers to be used, only.

What I am trying to sort out is a way to scan every system in a domain and see if it has a printer that is shared, specifically systems without the Printer sharing role installed (workstations, random servers etc).

This is a very rough hit for what I have, so I'm not sure if it actually would work. When I run it I'm getting a quota violation.

Import-Module ActiveDirectory
$comp = Get-ADComputer -Filter 'ObjectClass -eq "Computer"' | select -ExpandProperty DNSHostName
Get-Printer -ComputerName -Filter $comp  | where Shared -eq $True

While this may not cover everything you are looking for, Advanced IP Scanner will show all shared folders and printers on all systems on the network.

https://www.advanced-ip-scanner.com

That shows you the device type your scanning, not the host of the printer, ie some windows system.

I thought of it beforehand.

After you scan your network, any device with a share will have a plus next to it. If you click the plus it will expand and show all shared printers and folders for that device.

syko24

DustinB3403

@syko24 said in Scanning Domain for Shared Printers:

@dustinb3403 said in Scanning Domain for Shared Printers:

@syko24 said in Scanning Domain for Shared Printers:

@dustinb3403 said in Scanning Domain for Shared Printers:

Has anyone had to do something like this? With the recent PrintNightmare vulnerability, we're obviously patching our systems, but we're also implementing some changes via GPO to force trusted print servers to be used, only.

What I am trying to sort out is a way to scan every system in a domain and see if it has a printer that is shared, specifically systems without the Printer sharing role installed (workstations, random servers etc).

This is a very rough hit for what I have, so I'm not sure if it actually would work. When I run it I'm getting a quota violation.

Import-Module ActiveDirectory
$comp = Get-ADComputer -Filter 'ObjectClass -eq "Computer"' | select -ExpandProperty DNSHostName
Get-Printer -ComputerName -Filter $comp  | where Shared -eq $True

While this may not cover everything you are looking for, Advanced IP Scanner will show all shared folders and printers on all systems on the network.

https://www.advanced-ip-scanner.com

That shows you the device type your scanning, not the host of the printer, ie some windows system.

I thought of it beforehand.

After you scan your network, any device with a share will have a plus next to it. If you click the plus it will expand and show all shared printers and folders for that device.

Interesting.... then it may work for my needs.

I'll take another look.

notverypunny

try crackmapexec on Kali with the equivalent of

#~ cme smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --shares

for your environment.

fun thing is that it dumps the results to a sqlite db that you can play with afterwards

DustinB3403

@notverypunny said in Scanning Domain for Shared Printers:

try crackmapexec on Kali with the equivalent of

#~ cme smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --shares

for your environment.

fun thing is that it dumps the results to a sqlite db that you can play with afterwards

I can't recommend a Linux solution for this as remote hands would be performing the work. PowerShell is about the limit that I suspect they would want to use, a GUI interface would be the better option based on who I suspect is doing the work.

notverypunny

@dustinb3403

Oh, yeah that changes things... advanced ip scanner as others have suggested might be the safest thing.

We've pushed the config to "Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks."

Option 2 at the link below:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527