69/UDP TFTP/Bittorrent-tracker

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
LogoWebsec | Uw Cybersecurity Specialist

Basic Information

Trivial File Transfer Protocol (TFTP) is a straightforward protocol used on UDP port 69 that allows file transfers without needing authentication. Highlighted in RFC 1350, its simplicity means it lacks key security features, leading to limited use on the public Internet. However, TFTP is extensively utilized within large internal networks for distributing configuration files and ROM images to devices such as VoIP handsets, thanks to its efficiency in these specific scenarios.

TODO: Provide information about what is a Bittorrent-tracker (Shodan identifies this port with that name). If you have more info about this let us know for example in the HackTricks telegram group (or in a github issue in PEASS).

Default Port: 69/UDP

PORT   STATE SERVICE REASON
69/udp open  tftp    script-set

Enumeration

TFTP doesn't provide directory listing so the script tftp-enum from nmap will try to brute-force default paths.

nmap -n -Pn -sU -p69 -sV --script tftp-enum <IP>

Download/Upload

You can use Metasploit or Python to check if you can download/upload files:

msf5> auxiliary/admin/tftp/tftp_transfer_util
import tftpy
client = tftpy.TftpClient(<ip>, <port>)
client.download("filename in server", "/tmp/filename", timeout=5)
client.upload("filename to upload", "/local/path/file", timeout=5)

Shodan

  • port:69

LogoWebsec | Uw Cybersecurity Specialist

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
Previous53 - Pentesting DNSNext79 - Pentesting Finger

Last updated