TFTP (69/udp)

TFTP Enumeration

We can connect tftp to the machine. We can verify if the OS is linux or window by grab some files. Linux: /etc/passwd Window: /Windows/System32/license.rtf

└─$ tftp 10.10.10.10  
tftp> get \Windows\System32\license.rtf
Received 61533 bytes in 35.3 seconds
\Windows\System32\license.rtf	return the path
"/Windows/System32/license.rtf"	specific file

Nmap

└─$ sudo nmap -n -Pn -sU -p69 -sV --script tftp-enum 10.10.10.10                                                                                                                          1 
Nmap scan report for 10.11.1.111
Host is up.

PORT   STATE SERVICE VERSION
69/udp open  tftp?

Download

tftp> get /PROGRA~1/MICROS~1/MSSQL1~1.SQL/MSSQL/Backup/master.mdf
Received 4194541 bytes in 2476.8 seconds

Reference: https://github.com/xpn/Powershell-PostExploitation

Last updated