Hacktricks - Port 5357

If you are auditing an older, unpatched Windows Server or workstation, the HTTP protocol stack may be vulnerable to a remote code execution or Denial of Service (DoS) flaw via a maliciously crafted Range header. You can test for this vulnerability using curl:

Details about the patch level or Windows edition.

Here are some key resources and tools for further research:

Port 5357 is the default TCP port for the protocol, a Microsoft implementation of the Devices Profile for Web Services (DPWS). It was introduced in Windows Vista and is active by default in Windows 7, Windows 8, and Windows 10, especially when Network Discovery is enabled.

If the endpoint requires NTLM authentication (e.g., for the GetPrinterData action), you can trigger an authentication attempt:

This is the most critical historic vulnerability associated with port 5357. Microsoft Security Bulletin MS09-063 - Critical

    5357/tcp open  http  Microsoft HTTPAPI httpd 2.0
    |_http-title: Service Unavailable
    |_http-server-header: Microsoft-HTTPAPI/2.0

This forces TARGET-50 (WSD-enabled printer server) to authenticate to your machine on SMB.

From a security perspective, port 5357 is often scrutinized for potential information leakage. Even without active exploitation, an open port 5357 can disclose:

A typical result for an open port 5357 is: