hacktricks/network-services-pentesting/69-udp-tftp.md

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

<figure><img src="https://pentest.eu/RENDER_WebSec_10fps_21sec_9MB_29042024.gif" alt=""><figcaption></figcaption></figure>

{% embed url="https://websec.nl/" %}


# Basic Information

**Trivial File Transfer Protocol (TFTP)** je jednostavan protokol koji se koristi na **UDP portu 69** i omogućava prenos fajlova bez potrebe za autentifikacijom. Istaknut u **RFC 1350**, njegova jednostavnost znači da mu nedostaju ključne bezbednosne karakteristike, što dovodi do ograničene upotrebe na javnom Internetu. Međutim, **TFTP** se široko koristi unutar velikih internih mreža za distribuciju **konfiguracionih fajlova** i **ROM slika** uređajima kao što su **VoIP telefoni**, zahvaljujući svojoj efikasnosti u ovim specifičnim scenarijima.

**TODO**: Pružiti informacije o tome šta je Bittorrent-tracker (Shodan identifikuje ovaj port pod tim imenom). Ako imate više informacija o tome, javite nam, na primer, u [**HackTricks telegram grupi**](https://t.me/peass) (ili u github issue-u u [PEASS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite)).

**Default Port:** 69/UDP
```
PORT   STATE SERVICE REASON
69/udp open  tftp    script-set
```
# Enumeration

TFTP ne pruža listing direktorijuma, pa će skripta `tftp-enum` iz `nmap` pokušati da brute-forc-uje podrazumevane putanje.
```bash
nmap -n -Pn -sU -p69 -sV --script tftp-enum <IP>
```
## Download/Upload

Možete koristiti Metasploit ili Python da proverite da li možete da preuzmete/otpremite fajlove:
```bash
msf5> auxiliary/admin/tftp/tftp_transfer_util
```

```bash
import tftpy
client = tftpy.TftpClient(<ip>, <port>)
client.download("filename in server", "/tmp/filename", timeout=5)
client.upload("filename to upload", "/local/path/file", timeout=5)
```
## Shodan

* `port:69`


<figure><img src="https://pentest.eu/RENDER_WebSec_10fps_21sec_9MB_29042024.gif" alt=""><figcaption></figcaption></figure>

{% embed url="https://websec.nl/" %}


{% hint style="success" %}
Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Podržite HackTricks</summary>

* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Podelite hakerske trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.

</details>
{% endhint %}
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`{% hint style="success" %}`
			`Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`<summary>Support HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['binary-exploitation/rop-return-oriented-programing/ret2lib/ 2024-05-02 15:11:25 +00:00			`<figure><img src="https://pentest.eu/RENDER_WebSec_10fps_21sec_9MB_29042024.gif" alt=""><figcaption></figcaption></figure>`
Translated ['binary-exploitation/rop-return-oriented-programing/ret2lib/ 2024-04-07 23:00:01 +00:00
			`{% embed url="https://websec.nl/" %}`

Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`# Basic Information`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			Trivial File Transfer Protocol (TFTP) je jednostavan protokol koji se koristi na UDP portu 69 i omogućava prenos fajlova bez potrebe za autentifikacijom. Istaknut u RFC 1350, njegova jednostavnost znači da mu nedostaju ključne bezbednosne karakteristike, što dovodi do ograničene upotrebe na javnom Internetu. Međutim, TFTP se široko koristi unutar velikih internih mreža za distribuciju konfiguracionih fajlova i ROM slika uređajima kao što su VoIP telefoni, zahvaljujući svojoj efikasnosti u ovim specifičnim scenarijima.
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`TODO: Pružiti informacije o tome šta je Bittorrent-tracker (Shodan identifikuje ovaj port pod tim imenom). Ako imate više informacija o tome, javite nam, na primer, u [HackTricks telegram grupi](https://t.me/peass) (ili u github issue-u u [PEASS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite)).`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`Default Port: 69/UDP`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`PORT STATE SERVICE REASON`
			`69/udp open tftp script-set`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`# Enumeration`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			TFTP ne pruža listing direktorijuma, pa će skripta `tftp-enum` iz `nmap` pokušati da brute-forc-uje podrazumevane putanje.
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`nmap -n -Pn -sU -p69 -sV --script tftp-enum <IP>`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`## Download/Upload`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`Možete koristiti Metasploit ili Python da proverite da li možete da preuzmete/otpremite fajlove:`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`msf5> auxiliary/admin/tftp/tftp_transfer_util`
			```

			```bash
			`import tftpy`
			`client = tftpy.TftpClient(<ip>, <port>)`
			`client.download("filename in server", "/tmp/filename", timeout=5)`
			`client.upload("filename to upload", "/local/path/file", timeout=5)`
			```
fix mess 2 2022-05-01 12:49:36 +00:00			`## Shodan`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			* `port:69`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00

Translated ['binary-exploitation/rop-return-oriented-programing/ret2lib/ 2024-05-02 15:11:25 +00:00			`<figure><img src="https://pentest.eu/RENDER_WebSec_10fps_21sec_9MB_29042024.gif" alt=""><figcaption></figcaption></figure>`
Translated ['binary-exploitation/rop-return-oriented-programing/ret2lib/ 2024-04-07 23:00:01 +00:00
			`{% embed url="https://websec.nl/" %}`


Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`{% hint style="success" %}`
			`Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`<summary>Podržite HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`* Proverite [planove pretplate](https://github.com/sponsors/carlospolop)!`
			`* Pridružite se 💬 [Discord grupi](https://discord.gg/hRep4RUj7f) ili [telegram grupi](https://t.me/peass) ili pratite nas na Twitteru 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Podelite hakerske trikove slanjem PR-ova na [HackTricks](https://github.com/carlospolop/hacktricks) i [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-07-19 05:21:53 +00:00			`{% endhint %}`