I just experienced a nice little information disclosure, and thought it could be nice to share.
In Windows all the jobs in the spool queue have a title, usually matching he name of the document printed. This can of course be leading and interesting. But it is quite more interesting when the job in question is a web page. Then the entire URL gets printed as the document name, which of course might reveal session information and all sorts of interesting stuff. It might of course be hard to catch this since the queue normally gets purged quite quickly as jobs become printed. I happened to notice this on a printer that was out of service.
Another way might be to write a little job that polls the print queue every second and filter for URLs.
Here’s a little PowerShell script that could be used as a starter
|
1 2 3 4 5 6 7 8 |
"{0,-35}{1,-10}{2,-9}{3,-6}{4}" -f "Printername", "Owner", "Size(KB)", "Pages", "Document name" $PrintJobs = get-wmiobject Win32_PrintJob -computername localhost If ($PrintJobs -ne $NULL){ Foreach ($PrintJob in $PrintJobs) { "{0,-35}{1,-10}{2,-9}{3,-6}{4}" -f $printjob.name, $printjob.Owner, [Math]::Round([decimal]($printjob.Size/1024)), $printjob.totalpages, $printjob.document } } |