TFTP
Trivial File Transfer Protocol
Enum with Nmap:
$ sudo nmap -sVU -p69 --script tftp-enum 10.10.13.37

Brute Force Filenames

Make a list of potential filenames. Use 8.3 notation:
PS > cmd /c dir /x
PS > cmd /c "for %I in (.) do @echo %~sI"
Download Python TFTP implementation and use the Bash script below:
$ git clone https://github.com/m4tx/pyTFTP && cd pyTFTP
$ ./tftp-brute.sh 10.10.13.37 files.txt
tftp-brute.sh
#!/usr/bin/env bash
IP=$1
FILES=$2
while IFS= read -r file; do
echo -n "[*] Trying ${file}... "
if ./client.py -g "${file}" "${IP}" > /dev/null 2>&1; then
echo "SUCCESS"
else
echo "FAIL"
fi
done < "${FILES}"
Last modified 9mo ago
Copy link