Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/3702-udp-pentesting-ws-discovery.md
Carlos Polop 48d9033854 arte
2024-01-05 23:36:48 +01:00

3.7 KiB
Raw Blame History

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Basic Information

The Web Services Dynamic Discovery Protocol (WS-Discovery) is a multicast discovery protocol that locates services on a local network.

In WS-Discovery terminology, a Target Service is an endpoint that makes itself available for discovery, whereas a Client is an endpoint that searches for Target Services. Both use SOAP queries over UDP to the 239.255.255.250 multicast address with the destination UDP port 3702.

A Target Service sends a multicast Hello 1 when it joins a network. The Target Service can receive a multicast Probe 2, a message sent by a Client searching for a Target Service by Type, at any time. The Type is an identifier for the endpoint. For example, an IP camera could have NetworkVideoTransmitter as a Type. It might also send a unicast Probe Match3 if the Target Service matches a Probe (other matching Target Services might also send unicast Probe Matches). Similarly, a Target Service might receive a multicast Resolve4 at any time, a message sent by a

Client searching for a Target by name, and send a unicast Resolve Match5 if its the target of a Resolve. Finally, when a Target Service leaves a network, it makes an effort to send a multicast Bye 6.

Default port: 3702

PORT     STATE         SERVICE
3702/udp open|filtered unknown
| wsdd-discover:
|   Devices
|     Message id: 39a2b7f2-fdbd-690c-c7c9-deadbeefceb3
|     Address: http://10.0.200.116:50000
|_    Type: Device wprt:PrintDeviceType
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: