---
title: "69 - Tftp"
weight: 69
date: "2026-03-10T10:03:28+08:00"
lastmod: "2026-03-10T13:26:55+08:00"
---

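💡 **Study note**: This document covers penetration-testing methods for **69 - TFTP** and is intended as a reference for security beginners and practitioners.

⚠️ **Legal notice**: This document is for learning and authorized testing only. Testing systems without authorization may violate laws and regulations.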

---

## 69 - UDP TFTP

### Basic Information

**Trivial File Transfer Protocol (TFTP)** is a simple protocol that runs on **UDP port 69** and transfers files without any authentication. It is specified in **RFC 1350**, and its simplicity means it lacks key security features, which has limited its use on the public Internet. However, **TFTP** is used extensively within large internal networks to distribute **configuration files** and **ROM images** to devices such as **VoIP handsets**, thanks to its efficiency in these specific scenarios.

**TODO**: Provide information about what is a Bittorrent-tracker (Shodan identifies this port with that name). If you have more info about this let us know for example in the [**HackTricks telegram group**](https://t.me/peass) (or in a github issue in [PEASS](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite)).

**Default port:** 69/UDP

```
PORT   STATE SERVICE REASON
69/udp open  tftp    script-set
```

### Enumeration

TFTP doesn't provide directory listing so the script `tftp-enum` from `nmap` will try to brute-force default paths.

```bash
nmap -n -Pn -sU -p69 -sV --script tftp-enum <IP>
```

#### Download/Upload

You can use Metasploit or Python to check if you can download/upload files:

```bash
msf5 > use auxiliary/admin/tftp/tftp_transfer_util
```

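```python
import tftpy

# Replace <ip> with the server under test; 69 is the default TFTP port
client = tftpy.TftpClient("<ip>", 69)
# download(remote filename, local output path)
client.download("filename in server", "/tmp/filename", timeout=5)
# upload(remote filename, local input path)
client.upload("filename to upload", "/local/path/file", timeout=5)
```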
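Because TFTP has no authentication, the only record of who read or wrote a file is the request datagram itself. The following added example (not part of the original page) decodes RFC 1350 read/write requests as a monitor on port 69 would see them and summarizes which files were read and written; the function names are hypothetical and the sample datagrams are constructed, not captured traffic.

```python
import struct

# Opcodes defined in RFC 1350
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}

def parse_request(datagram: bytes) -> dict:
    """Decode an RRQ/WRQ datagram: 2-byte opcode, then NUL-terminated fields."""
    if len(datagram) < 4:
        raise ValueError("datagram too short for a TFTP request")
    (opcode,) = struct.unpack("!H", datagram[:2])
    kind = OPCODES.get(opcode)
    if kind not in ("RRQ", "WRQ"):
        raise ValueError(f"not a request packet (opcode {opcode})")
    if not datagram.endswith(b"\x00"):
        raise ValueError("request fields are not NUL-terminated")
    fields = datagram[2:-1].split(b"\x00")
    # filename and mode are mandatory; anything after them must come in
    # name/value pairs (option extension, RFC 2347)
    if len(fields) < 2 or len(fields) % 2 or not fields[0]:
        raise ValueError("malformed filename/mode/option fields")
    text = [f.decode("ascii", errors="replace") for f in fields]
    return {
        "op": kind,
        "filename": text[0],
        "mode": text[1].lower(),
        "options": dict(zip(text[2::2], text[3::2])),
    }

def summarize(datagrams) -> dict:
    """Group decoded requests into reads and writes; count undecodable ones."""
    out = {"reads": [], "writes": [], "malformed": 0}
    for raw in datagrams:
        try:
            req = parse_request(raw)
        except ValueError:
            out["malformed"] += 1
            continue
        out["reads" if req["op"] == "RRQ" else "writes"].append(req["filename"])
    return out

# Constructed sample datagrams (assumption: as seen arriving on UDP/69)
SAMPLES = [
    b"\x00\x01phone.cfg\x00octet\x00",                       # read request
    b"\x00\x02backup.cfg\x00octet\x00blksize\x001428\x00",   # write request with option
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

Any entry under `writes` on a server that is meant to be read-only is worth following up, since the protocol itself cannot tell you who sent it.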

#### Shodan

```bash
# Shodan search syntax
port:69
```

#### ZoomEye

```bash
# ZoomEye search syntax
port:69
```

---

## 📖 References

- [HackTricks - 69-tftp](https://book.hacktricks.wiki/en/network-services-pentesting/69-tftp.html)

