Starting Point: Included Machine - Need Help

Hey guys! is it on purpose that the tftp service on port 69 on machine is malfunctioning? I cannot transfer any files so I’m stuck on transferring test.txt :(… can someone shed some more light on the subject? maybe there’s another way to inject a reverse shell?


I’m trying the following:
tftp> put ~/Desktop/test.txt

Transfer timed out

I can get is /etc/passwd -

/* root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-network:x:100:102:systemd Network Management,:/run/systemd/netif:/usr/sbin/nologin systemd-resolve:x:101:103:systemd Resolver,:/run/systemd/resolve:/usr/sbin/nologin syslog:x:102:106::/home/syslog:/usr/sbin/nologin messagebus:x:103:107::/nonexistent:/usr/sbin/nologin _apt:x:104:65534::/nonexistent:/usr/sbin/nologin lxd:x:105:65534::/var/lib/lxd/:/bin/false uuidd:x:106:110::/run/uuidd:/usr/sbin/nologin dnsmasq:x:107:65534:dnsmasq,:/var/lib/misc:/usr/sbin/nologin landscape:x:108:112::/var/lib/landscape:/usr/sbin/nologin pollinate:x:109:1::/var/cache/pollinate:/bin/false mike:x:1000:1000:mike:/home/mike:/bin/bash tftp:x:110:113:tftp daemon,:/var/lib/tftpboot:/usr/sbin/nologin */

I do notice that there’s a user named “mike”, a gnats bug reporting system which I read that could be exploited, www-data user and finally the tftp.
I am only learning so I do not expect myself to own a box, hence the starting point. I’ve been scouring the net over things that might be useful but none is.
I tried going with dirsearch, gobuster, sqlmap on the “?file=” parameter, retrieving the /etc/shadow file, nmapping, masscan, automaternmap and a bunch of more things.

*only port 80 is open, couldn’t find anything else - maybe im using nmap incorrectly?

Seems like this is a technical issue. Tried this with another person and he succeeded in uploading the file. Meaning it’s on my end for some reason.
Hope this issue would be resolved soon.

Anyone got the same issue?

Tried reconnecting VPN, changing the hotspot, resetting the machine, but nothing works.


For some reason UFW was blocking outgoing TFTP traffic.

I’m stuck too. Connected to the server but cannot transfer the file. Tried resetting the machine but still stuck. Please help.

dude u resolved ? im having te same issue …

cant upload the file


I was running into the same issue, and spent way too much time debugging it. What seems to be happening: based on packet captures, outgoing requests are working, but tftp doesn’t seem to receive the replies. It might be bound to the wrong interface when using a VPN.

The only way I could make it work is using a pwnbox. From there, i was able to tftp into the machine with no problems.

Hope that helps,

Found the reason why it didn’t work over my VPN as well. My linode linux box hat all ports except for 22 blocked with a firewall. Check that your firewall doesn’t do something similar. Infos here: How to Configure a Firewall with UFW | Linode