69 - Tftp

💡 学习提示: 本文档介绍 69 - TFTP 的渗透测试方法，适合信息安全初学者和从业人员参考。

⚠️ 法律声明: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。

⚠️ 法律声明: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。

69 - UDP TFTP

基本信息

Trivial File Transfer 协议 (TFTP) is a straightforward protocol used on UDP port 69 that allows file transfers without needing authentication. Highlighted in RFC 1350, its simplicity means it lacks key security features, leading to limited use on the public Internet. However, TFTP is extensively utilized within large internal networks for distributing configuration files and ROM images to devices such as VoIP handsets, thanks to its efficiency in these specific scenarios.

TODO: Provide information about what is a Bittorrent-tracker (Shodan identifies this port with that name). If you have more info about this let us know for example in the HackTricks telegram group (or in a github issue in PEASS).

默认 端口: 69/UDP

PORT   STATE SERVICE REASON
69/udp open  tftp    script-set

信息收集

TFTP doesn’t provide directory listing so the script tftp-enum from nmap will try to brute-force default paths.

nmap -n -Pn -sU -p69 -sV --script tftp-enum <IP>

Download/Upload

You can use Metasploit or Python to check if you can download/upload files:

msf5> auxiliary/admin/tftp/tftp_transfer_util

import tftpy
client = tftpy.TftpClient(<ip>, <port>)
client.download("filename in server", "/tmp/filename", timeout=5)
client.upload("filename to upload", "/local/path/file", timeout=5)

Shodan

# Shodan 搜索语法
port:69

ZoomEye

# ZoomEye 搜索语法
port:69

📖 参考资料

• HackTricks - 69-tftp