HackTricks Press
Search K

Appearance

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

โ›“๏ธ External Link
https://websec.nl/

Basic Information โ€‹

Trivial File Transfer Protocol (TFTP) is a straightforward protocol used on UDP port 69 that allows file transfers without needing authentication. Highlighted in RFC 1350, its simplicity means it lacks key security features, leading to limited use on the public Internet. However, TFTP is extensively utilized within large internal networks for distributing configuration files and ROM images to devices such as VoIP handsets, thanks to its efficiency in these specific scenarios.

TODO: Provide information about what is a Bittorrent-tracker (Shodan identifies this port with that name). If you have more info about this let us know for example in the HackTricks telegram group (or in a github issue in PEASS).

Default Port: 69/UDP

PORT   STATE SERVICE REASON
69/udp open  tftp    script-set

Enumeration โ€‹

TFTP doesn't provide directory listing so the script tftp-enum from nmap will try to brute-force default paths.

bash
nmap -n -Pn -sU -p69 -sV --script tftp-enum <IP>

Download/Upload โ€‹

You can use Metasploit or Python to check if you can download/upload files:

bash
msf5> auxiliary/admin/tftp/tftp_transfer_util
bash
import tftpy
client = tftpy.TftpClient(<ip>, <port>)
client.download("filename in server", "/tmp/filename", timeout=5)
client.upload("filename to upload", "/local/path/file", timeout=5)

Shodan โ€‹

  • port:69
โ›“๏ธ External Link
https://websec.nl/
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: