Responder Tool issue - Starting Point

MajorTheShiba · May 1, 2022, 7:00pm

Anyone faced similar issues with Responder tool when doing the labs? Not able to listen to any traffic using port 5985… Any suggestion on what i can do? Thanks in advance!

[!] Error starting UDP server on port 5355, check permissions or other servers running.
[!] Error starting UDP server on port 5353, check permissions or other servers running.
[!] Error starting SSL server on port 5986, check permissions or other servers running.
[!] Error starting SSL server on port 443, check permissions or other servers running.

xtal · May 2, 2022, 5:44am

First step: Check if any other process (server or client) uses the ports.

ss --udp --tcp --listen --process

Second: For using port 443 (a port or the first 1024) you need root permission. So typical a sudo or a su command is needed.

Teknogrot · May 6, 2022, 4:30pm

I’m having the same issue, but only for ports 443 and 5986. It’s being run with sudo and your suggestion along with

sudo netstat -antp

hasn’t shown anything bound to either port.

xtal · May 9, 2022, 8:46am

On my local box with Parrot OS 5.0 the responder 3.0.6.0 is installed by default.

As root I can start the Responder Python script:

$ responder -I tun0
                                         __
  .----.-----.-----.-----.-----.-----.--|  |.-----.----.
  |   _|  -__|__ --|  _  |  _  |     |  _  ||  -__|   _|
  |__| |_____|_____|   __|_____|__|__|_____||_____|__|
                   |__|

           NBT-NS, LLMNR & MDNS Responder 3.0.6.0

  Author: Laurent Gaffie (laurent.gaffie@gmail.com)
  To kill this script hit CTRL-C


[+] Poisoners:
    LLMNR                      [ON]
    NBT-NS                     [ON]
    DNS/MDNS                   [ON]

... cut some lines here ...

[!] Error starting TCP server on port 3389, check permissions or other servers running.

[+] Listening for events...

The server at port 3389 could not be started by the responder script.

I checked it:

$ ss --tcp --udp --listen --numeric --process
Netid    State      Recv-Q     Send-Q                              Local Address:Port          Peer Address:Port    Process                                                                                                             
udp      UNCONN     0          0                                         0.0.0.0:53294              0.0.0.0:*        users:(("openvpn",pid=2759,fd=3))                                                                                  
udp      UNCONN     0          0              [fe80::2afa:9bca:c24f:4f39]%enp1s0:546                   [::]:*        users:(("NetworkManager",pid=454,fd=24))                                                                           
tcp      LISTEN     0          2                                           [::1]:3350                  [::]:*        users:(("xrdp-sesman",pid=712,fd=7))                                                                               
tcp      LISTEN     0          2                                               *:3389                     *:*        users:(("xrdp",pid=729,fd=11))

Ok. The port 3389 is already used by the xrd server. So the responder can not use this port.
The openvpn process opens the udp port if I am connect to the HTB lab via openvpn. This port is at least open if I am connected from my local box to HTB.

On my local Parrot OS box the responder in the default installation works plausible.

Teknogrot · May 9, 2022, 10:12am

When playing around I think I solved it for myself at least. I had installed it manually on Kali and when heading to install directory and calling

sudo python3 responder.py -I tun0

it fails, but when I’m fumbling around I found the default install that I was sure existed already before heading to github and simply calling

sudo responder -I tun0

works fine.

Hopefully that’ll help the OP.