TFTP

Trivial File Transfer Protocol

Enum with Nmap:

$ sudo nmap -sVU -p69 --script tftp-enum 10.10.13.37

Brute Force Filenames

Make a list of potential filenames. Use 8.3 notation:

PS > cmd /c dir /x
PS > cmd /c "for %I in (.) do @echo %~sI"

Download Python TFTP implementation and use the Bash script below:

$ git clone https://github.com/m4tx/pyTFTP && cd pyTFTP
$ ./tftp-brute.sh 10.10.13.37 files.txt

tftp-brute.sh

 #!/usr/bin/env bash

IP=$1
FILES=$2

while IFS= read -r file; do
	echo -n "[*] Trying ${file}... "
	if ./client.py -g "${file}" "${IP}" > /dev/null 2>&1; then
		echo "SUCCESS"
	else
		echo "FAIL"
	fi
done < "${FILES}"

Last updated 3 years ago