hacktricks/network-services-pentesting/69-udp-tftp.md
2024-12-12 11:39:29 +01:00

4 KiB

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

{% embed url="https://websec.nl/" %}

Basic Information

Trivial File Transfer Protocol (TFTP) is a straightforward protocol used on UDP port 69 that allows file transfers without needing authentication. Highlighted in RFC 1350, its simplicity means it lacks key security features, leading to limited use on the public Internet. However, TFTP is extensively utilized within large internal networks for distributing configuration files and ROM images to devices such as VoIP handsets, thanks to its efficiency in these specific scenarios.

TODO: Provide information about what is a Bittorrent-tracker (Shodan identifies this port with that name). If you have more info about this let us know for example in the HackTricks telegram group (or in a github issue in PEASS).

Default Port: 69/UDP

PORT   STATE SERVICE REASON
69/udp open  tftp    script-set

Enumeration

TFTP doesn't provide directory listing so the script tftp-enum from nmap will try to brute-force default paths.

nmap -n -Pn -sU -p69 -sV --script tftp-enum <IP>

Download/Upload

You can use Metasploit or Python to check if you can download/upload files:

msf5> auxiliary/admin/tftp/tftp_transfer_util
import tftpy
client = tftpy.TftpClient(<ip>, <port>)
client.download("filename in server", "/tmp/filename", timeout=5)
client.upload("filename to upload", "/local/path/file", timeout=5)

Shodan

  • port:69

{% embed url="https://websec.nl/" %}

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}