Pic0o

Oh Hello


I find myself enjoying some late nights. Looks like I have a bite here on the Windows 8.1 PC. HTTP and HTTPS services running as RPC items.

Discovered open port 445/tcp on localPC
Discovered open port 135/tcp on localPC
Discovered open port 139/tcp on localPC
Discovered open port 5357/tcp on localPC
Discovered open port 49154/tcp on localPC
Discovered open port 49153/tcp on localPC
Discovered open port 49158/tcp on localPC
Discovered open port 49152/tcp on localPC
Discovered open port 49159/tcp on localPC
Discovered open port 49155/tcp on localPC
Completed SYN Stealth Scan at 22:59, 1.22s elapsed (1000 total ports)
Initiating Service scan at 22:59
Scanning 10 services on localPC

Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) is port 5357

 

I also hope you got to read my submission in 2600 32:2 issue. Always looking to explore something. It has been a blast so far. :ninjawub:


Oh here we go. This process / port is an IP 6 item and appears to be related to Network Discovery on a Public Profile. Info from SuperUser.

 


This port is opened probably because you have Network Discovery enabled in a Public Network profile.
To make sure if this is the case, don't block it and disable Network Discovery for any public profile you may have.

  • Go to Control Panel\Network and Internet\Network and Sharing Center\Advanced sharing settings
  • Disable Network Discovery on your Home Network and Public Network
  • (Not sure if you need a reboot)
  • Check your ports again. Should not be opened.
  • Enable it in your Home Network and leave it off in your Public Network.


It running as System explains why it does not show up locally, without the help of ProcessExplorer, yet comes up in a Nmap scan on the local network.

But still, why do I see:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Service Unavailable</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Service Unavailable</h2>
<hr><p>HTTP Error 503. The service is unavailable.</p>
</BODY></HTML>



when I go to localhost on port 5357?

This may be related to Windows Updates adding tracking comparable to Windows 10. Puke KB3068708 is the update for Windows 8.x. Oh this is a Vista-Era item. From Seclists in 2008.

Edited by Pic0o
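
The re-check from the quoted steps ("Check your ports again") can also be done from the host itself instead of from a scanner on the network. The following PowerShell is an added example, not part of the original posts; it only reads state, and it assumes an elevated prompt on Windows 8.1 or later and an English-language system where the firewall rule group is displayed as "Network Discovery".

```powershell
# Added example (not from the thread): read-only audit of TCP 5357.
# Assumptions: elevated PowerShell, Windows 8.1 or later, English display names.
$port = 5357

# 1. Is anything listening, and which process owns the socket?
#    Listeners created through HTTP.sys are owned by PID 4 (System).
$listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Output "Nothing is listening on TCP $port."
} else {
    $listeners | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            PID          = $_.OwningProcess
            Process      = $proc.ProcessName
        }
    } | Format-Table -AutoSize
}

# 2. Which profile (Public / Private / DomainAuthenticated) is each network in?
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

# 3. Which enabled inbound Network Discovery rules open this port, and for
#    which firewall profiles?
Get-NetFirewallRule -DisplayGroup 'Network Discovery' -Direction Inbound -Enabled True |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        if ($filter.LocalPort -contains "$port") {
            [pscustomobject]@{
                Rule     = $_.DisplayName
                Profile  = $_.Profile
                Protocol = $filter.Protocol
                Port     = ($filter.LocalPort -join ',')
            }
        }
    } | Format-Table -AutoSize

# 4. Which URLs has HTTP.sys registered on the port?
netsh http show servicestate | Select-String -SimpleMatch ":$port/"
```

Run it before and after changing the Network Discovery setting to compare the listener, profile and rule state.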
