Port 5357 Hacktricks (Jun 2026)
curl -v http://<target>:5357/ -H "Host: stuff" -H "Range: bytes=0-18446744073709551615"
Disable the Function Discovery Provider Host (FDPHost) and Function Discovery Resource Publication (FDResPub) services in services.msc.
If a vulnerability or misconfiguration allows an attacker to coerce a service running over port 5357 to authenticate against an attacker-controlled server, those credentials can be relayed to other machines on the network where SMB signing is disabled.
4. Remediation and Defense
Some WSD implementations accept a Set action. Fuzzing the metadata might reveal an action like SetSystemTime or ExecuteCommand (rare but happens in embedded devices).
"Recommendation: Block Port 5357/tcp on the perimeter firewall immediately. The exposed WS-Discovery service allowed for the enumeration of the primary Domain Controller hostname ('LEDGER-DC01') and internal network topology without authentication."
Port 5357 essentially hosts a built-in web server. If not properly managed, it can expose administrative interfaces for printers or IoT devices.
Verdict for Pentesters
A standard version scan will often reveal the underlying HTTP server.
nmap -sV -p 5357 <target>
By interacting with WSD, an attacker might identify other vulnerable devices on the subnet that wouldn't otherwise be visible through standard scanning.
Practical Assessment Steps
If network discovery and file sharing are not required on the server, disable the "Function Discovery Provider Host" and "Function Discovery Resource Publication" services.
Port 5357 is typically associated with WSDAPI (Web Services for Devices), a Microsoft implementation of the WS-Discovery protocol. It allows devices like printers and scanners to be automatically discovered on a local network.
Device: http://10.10.10.5:5357/wsd/3f8c2a1b-...
Type: Printer
Friendly Name: HP LaserJet M402dw
Metadata URL: http://10.10.10.5:5357/wsd/3f8c2a1b/metadata
Metasploit contains a module specifically designed to check and exploit this flaw:
WSD SOAP GetDeviceInformation
Port 5357 – WSDAPI (Web Services for Devices) - PentestPad
You can interact with the port using curl to analyze the response headers and look for default paths.
curl -i http://<target>:5357/
You can utilize native Windows PowerShell commands to query WSD infrastructure directly without uploading external binaries: