maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
hacktricks/src/network-services-pentesting/69-udp-tftp.md
carlospolop 827e6354da fix some titles
2025-07-08 13:28:53 +02:00

49 lines
1.6 KiB
Markdown
Raw Blame History

# 69 - UDP TFTP
{{#include ../banners/hacktricks-training.md}}
## Basic Information
**Trivial File Transfer Protocol (TFTP)** is a straightforward protocol used on **UDP port 69** that allows file transfers without needing authentication. Highlighted in **RFC 1350**, its simplicity means it lacks key security features, leading to limited use on the public Internet. However, **TFTP** is extensively utilized within large internal networks for distributing **configuration files** and **ROM images** to devices such as **VoIP handsets**, thanks to its efficiency in these specific scenarios.
**TODO**: Provide information about what is a Bittorrent-tracker (Shodan identifies this port with that name). If you have more info about this let us know for example in the [**HackTricks telegram group**](https://t.me/peass) (or in a github issue in [PEASS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite)).
**Default Port:** 69/UDP
```
PORT STATE SERVICE REASON
69/udp open tftp script-set
```
## Enumeration
TFTP doesn't provide directory listing so the script `tftp-enum` from `nmap` will try to brute-force default paths.
```bash
nmap -n -Pn -sU -p69 -sV --script tftp-enum <IP>
```
### Download/Upload
You can use Metasploit or Python to check if you can download/upload files:
```bash
msf5> auxiliary/admin/tftp/tftp_transfer_util
```
```bash
import tftpy
client = tftpy.TftpClient(<ip>, <port>)
client.download("filename in server", "/tmp/filename", timeout=5)
client.upload("filename to upload", "/local/path/file", timeout=5)
```
### Shodan
- `port:69`
{{#include ../banners/hacktricks-training.md}}
Reference in New Issue View Git Blame Copy Permalink