Device: http://10.10.10.5:5357/wsd/3f8c2a1b-... Type: Printer Friendly Name: HP LaserJet M402dw Metadata URL: http://10.10.10.5:5357/wsd/3f8c2a1b/metadata
Port 5357 is more than just an obscure port – it’s a potential entry point for unauthenticated info leaks, NTLM relaying, and legacy RCE. While not as juicy as 445, it’s often overlooked, making it a reliable target for lateral movement during internal penetration tests. port 5357 hacktricks
Attackers can abuse these services to force unauthenticated NTLM authentication, which can then be relayed to other services. Device: http://10
The primary "feature" of an open port 5357 is its ability to leak metadata about the host and its connected peripherals. Attackers can abuse these services to force unauthenticated
On , this port is categorized under 5357 - Pentesting WS-Discovery. Key Takeaways for Port 5357 Service : Microsoft HTTPAPI httpd 2.0 (SSDP/WS-Discovery).
WSDAPI is Microsoft's implementation of the protocol. It allows Windows machines to automatically discover and communicate with network-connected devices like printers, scanners, and file shares without manual configuration. Port 5357 (TCP): Used for HTTP-based communication. Port 5358 (TCP): Used for HTTPS-based communication. Port 3702 (UDP): Used for multicast discovery. Reconnaissance & Enumeration
Penetration testers and hackers often target this port for the following reasons: Information Disclosure/Reconnaissance: