hacktricks/pentesting/3702-udp-pentesting-ws-discovery.md

26 lines
1.5 KiB
Markdown
Raw Normal View History

2022-02-19 19:42:58 +00:00
# 3702/UDP - Pentesting WS-Discovery
## Basic Information
The Web Services Dynamic Discovery Protocol (WS-Discovery) is a multicast discovery protocol that locates services on a local network.
In WS-Discovery terminology, a Target Service is an endpoint that makes itself available for discovery, whereas a Client is an endpoint that searches for Target Services. Both use SOAP queries over UDP to the 239.255.255.250 multicast address with the destination UDP port 3702.
![](<../.gitbook/assets/image (633).png>)
A Target Service sends a multicast Hello 1 when it joins a network. The Target Service can receive a multicast Probe 2, a message sent by a Client searching for a Target Service by Type, at any time. The Type is an identifier for the endpoint. For example, an IP camera could have NetworkVideoTransmitter as a Type. It might also send a unicast Probe Match3 if the Target Service matches a Probe (other matching Target Services might also send unicast Probe Matches). Similarly, a Target Service might receive a multicast Resolve4 at any time, a message sent by a
Client searching for a Target by name, and send a unicast Resolve Match5 if its the target of a Resolve. Finally, when a Target Service leaves a network, it makes an effort to send a multicast Bye 6.
**Default port**: 3702
```
PORT STATE SERVICE
3702/udp open|filtered unknown
| wsdd-discover:
| Devices
| Message id: 39a2b7f2-fdbd-690c-c7c9-deadbeefceb3
| Address: http://10.0.200.116:50000
|_ Type: Device wprt:PrintDeviceType
```