PRT-LDAP-CRED-STEALCredential Access

MFP LDAP Address-Book Credential Theft

Configure the MFP to use attacker LDAP for address-book lookups — printer sends its bind credentials in cleartext (often a domain service account).

§ Where this technique fits

PRT-LDAP-CRED-STEAL is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

Reconfigure MFP LDAP → harvest service-account credentials
Walk up to / network-into the MFP admin web panel (default creds), change the LDAP address-book server to attacker IP — printer immediately re-binds and sends its service-account creds in cleartext.
step 3 / 7

§ What commonly comes next

01
Acquire Infrastructure
T1583 · Resource Development
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Reconfigure MFP LDAP → harvest service-account credentials

§ What commonly comes next