TFTP [Initial Access]

Trivial File Transfer Protocol (TFTP) is a simple protocol for transferring files between a client and a server on a network. It's often used for devices that don't have storage devices, like thin client PCs.

Trivial File Transfer Protocol (TFTP)

Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol that does not require user authentication. It is suitable for applications that do not need the advanced features of File Transfer Protocol (FTP).

However, because TFTP doesn’t require authentication, anyone can connect to a TFTP server and upload or download files from the system without authorization.

This presents a security risk, especially when combined with a Local File Inclusion (LFI) vulnerability.

We can see that a TFTP user is present.

Exploiting TFTP

We know that the backend system supports PHP. We will craft and upload php reverse shell code.

cheatsheets/pt_tftp at master · mivang/cheatsheetsGitHub

I will first make php reverse shell file using revshell.com

Now I will upload this shell.php file using tftp.

Connect to TFTP, checked connection status and then uploaded my newly created shell.php

Now we need to access this file. To do that we need to know where this file got uploaded.

We can see that it says that its default location is /var/lib/tftpboot . Let's try to curl our shell file at this location.

First start the reverse shell.

We got the shell as www-data a user which is the normal user that the web server (apache or nginx) runs as.

Stabilizing the shell

For Linux victim machine | Tools | Tips To Securehacking.tipstosecure.com

The above command stabilises the shell based on whichever version of Python is present in the system.

For tab completion functionality we need to run the below command: