Port 5357: The Double-Edged Sword of Network Discovery

Then convince a user on the target host to visit an attacker-controlled SMB share or use a tool like responder + pxe to force a connection to http://target:5357/wsd.

Port 5357 – HackTricks Summary

The service is generally active on Windows Vista, Windows 7, Windows 10, and Windows Server 2008 and later.

Enumeration and Information Gathering

Example detection signatures (IDS/Suricata/Snort)

Hostnames & Device Names:

WSD often broadcasts the actual name of the computer or printer.

CVE-2009-2512 (MS09-063):

A stack-based buffer overflow vulnerability. Attackers could send a crafted WS-Discovery message with an overly long "MIME-Version" string to execute arbitrary code with service-level privileges.

5357 (HTTP), 5358 (HTTPS), and 3702 (UDP - multicast for discovery). (PentestPad)

2. HackTricks & Pentesting Context: Common Risks
