hacktricks/network-services-pentesting/69-udp-tftp.md



Basic Information

Trivial File Transfer Protocol (TFTP) is a simple protocol used on UDP port 69 that allows file transfers without requiring authentication. Defined in RFC 1350, its simplicity means it lacks key security features, which has led to limited use on the public Internet. However, TFTP is widely used within large internal networks to distribute configuration files and ROM images to devices such as VoIP handsets, because of its efficiency in these specific scenarios.

TODO: Provide information about what a Bittorrent-tracker is (Shodan identifies this port with that name). If you have more information about this, let us know, for example in the HackTricks telegram group (or in a github issue in PEASS).

Default Port: 69/UDP

```text
PORT   STATE SERVICE REASON
69/udp open  tftp    script-set
```

Enumeration

TFTP doesn't provide a directory listing, so the tftp-enum script from nmap will try to brute-force common paths.

```bash
nmap -n -Pn -sU -p69 -sV --script tftp-enum <IP>
```

Download/Upload

You can use Metasploit or Python to check whether you can download/upload files:

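```bash
msf5> use auxiliary/admin/tftp/tftp_transfer_util
```

```python
import tftpy

# Replace <IP> with the server address; 69 is the default TFTP port
client = tftpy.TftpClient("<IP>", 69)
# download(remote filename, local output path)
client.download("filename in server", "/tmp/filename", timeout=5)
# upload(remote filename, local input path)
client.upload("filename to upload", "/local/path/file", timeout=5)
```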
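Because TFTP has no authentication, monitoring requests to UDP/69 is the main way to notice the filename guessing and upload checks described above. The following is an added example, not part of the original page: it parses RFC 1350 read/write requests and reports, per source, upload attempts and an unusual number of distinct filenames. The function names, the threshold and the sample traffic are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}  # RFC 1350

def parse_request(payload):
    """Return (op, filename, mode) for an RRQ/WRQ, None for other opcodes."""
    if len(payload) < 2:
        raise ValueError("shorter than the 2-byte opcode")
    (opcode,) = struct.unpack("!H", payload[:2])
    op = OPCODES.get(opcode)
    if op is None:
        raise ValueError(f"unknown opcode {opcode}")
    if op not in ("RRQ", "WRQ"):
        return None
    # Request body: filename NUL mode NUL (option pairs may follow).
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        raise ValueError("missing NUL-terminated filename or mode")
    return (op, fields[0].decode("ascii", "replace"),
            fields[1].decode("ascii", "replace").lower())

def detect(packets, max_distinct_reads=3):
    """packets: iterable of (src_ip, udp_payload) sent to UDP/69.
    Returns {src_ip: [findings]}; the threshold is an assumed policy value."""
    reads, findings = defaultdict(set), defaultdict(list)
    for src, payload in packets:
        try:
            req = parse_request(payload)
        except ValueError as exc:
            findings[src].append(f"malformed packet: {exc}")
            continue
        if req is None:
            continue
        op, filename, _mode = req
        if op == "WRQ":
            findings[src].append(f"upload attempt: {filename}")
        else:
            reads[src].add(filename)
    for src, names in reads.items():
        if len(names) > max_distinct_reads:
            findings[src].append(
                f"possible filename guessing: {len(names)} distinct reads")
    return dict(findings)

def make_request(opcode, name):
    """Build a constructed request payload for the sample below."""
    return struct.pack("!H", opcode) + name.encode() + b"\x00octet\x00"

# Constructed sample traffic (addresses from the RFC 5737 documentation range).
SAMPLE = (
    [("192.0.2.20", make_request(1, "phone-001.cfg"))] * 2
    + [("192.0.2.99", make_request(1, f"guess{i}.cfg")) for i in range(5)]
    + [("192.0.2.99", make_request(2, "new.cfg")), ("192.0.2.99", b"\x00\x01nofields")]
)
```

Calling `detect(SAMPLE)` reports only the second source; the handset that repeatedly reads its own configuration file produces no findings.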

Shodan

  • port:69
