Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, May 10, 2019 9:51 PM
By default when starting Responder in Kali linux it starts http server as well as SMB server. I can disable HTTP server in Responder.conf file from starting at all. How to tell Responder to listen on SMB server for port 80 and windows to use port 80 for accessing share?
I know it's possible for example from this thread where it sais: " However, when I attempt to connect to the remote network (192.168.y.y), Windows decides it needs to use port 80"
https://serverfault.com/questions/658540/forcing-smb-over-445-instead-of-80
I'm testing with \192.168.1.119:80 on windows 10 machine.
here is a capture when HTTP on responder is disabled:
here is a capture when HTTP on responder is enabled:
here is a capture when HTTP on responder is disabled and I enabled socat on linux (basically port forward from 80 outside to 445 inside):
socat TCP-LISTEN:80,fork TCP:192.168.1.119:445
In last case windows 10 is using Microsoft-WebDAV-MiniRedir/10.0.10586 as user agent.
Any ideas how to force windows to use SMB over port 80 or other workaround?
All replies (7)
Saturday, May 11, 2019 1:08 PM
By default when starting Responder in Kali linux it starts http server as well as SMB server.
I'm testing with \192.168.1.119:80 on windows 10 machine.
Don't do that. Just use \192.168.1.119 and it will use the SMB port. Then it will match the default Responder configuration.
Saturday, May 11, 2019 1:34 PM
It does not match my test environment. Port 445 is not considered.
Saturday, May 11, 2019 2:25 PM
What do you mean by "not considered"? What are you trying to accomplish. (Yes, I understand that you want to get SMB over port 80, but why?)
Saturday, May 11, 2019 2:49 PM | 1 vote
https://stackoverflow.com/questions/5115959/easiest-way-to-implement-a-smb-redirector-for-windows
Natively, Windows will not do SMB over any ports other than 445 or 139 (its choice),
https://serverfault.com/questions/60586/how-to-access-shared-folders-on-custom-ports-windows
They can't. Windows clients can only see the default ports 139 and 445.
Can't be done sorry. Windows does not support TCP ports other than 445/139.
This can't be done. Windows does not support TCP ports other than 445/139
Saturday, May 11, 2019 6:35 PM
What do you mean by "not considered"? What are you trying to accomplish. (Yes, I understand that you want to get SMB over port 80, but why?)
I'm doing penetration testing on my own company. So then maybe WebDAV protocol (on client side) can respond to challenge from server (kali) or some other workaround.
Saturday, May 11, 2019 6:50 PM
https://stackoverflow.com/questions/5115959/easiest-way-to-implement-a-smb-redirector-for-windows
Natively, Windows will not do SMB over any ports other than 445 or 139 (its choice),
https://serverfault.com/questions/60586/how-to-access-shared-folders-on-custom-ports-windows
They can't. Windows clients can only see the default ports 139 and 445.
Can't be done sorry. Windows does not support TCP ports other than 445/139.
This can't be done. Windows does not support TCP ports other than 445/139
I don't know but i found several reverse questions:
It's just saying how to not run on port 80.
Maybe they are talking about WebDAV then. Does it support challenge authentication, because I found it does basic and digest:
http://www.webdav.org/specs/rfc2617.html
Sunday, May 12, 2019 3:26 PM
I don't know anything about Responder, how it works, or how to use it. So maybe I should not be trying to answer your question. You might have better luck if you ask this question in a Responder support forum.
Having said that, at my prior employer when we did a pentest, we hired an outside firm to basically attack our internet facing web servers. Then we allowed them on our private network to do additional testing of vulnerabilities. But the port needs to match the protocol. I don't see what putting an SMB server on port 80 does for you. An attacker would typically send HTTP data packets to that port.
From what I know, a Windows Explorer client can use FTP, SMB or WebDAV to access a "share". It appears that Windows will only use the SMB protocol on the SMB ports. For WebDAV, you can use different ports, but the data packets are HTTP protocol. Authentication would occur by HTTP 401 challenge/response.
https://www.webdavsystem.com/server/access/windows
Good luck with whatever you are doing.