Starting Point: Included Machine - Need Help

Hey guys! is it on purpose that the tftp service on port 69 on machine is malfunctioning? I cannot transfer any files so I’m stuck on transferring test.txt :(… can someone shed some more light on the subject? maybe there’s another way to inject a reverse shell?


I’m trying the following:
tftp> put ~/Desktop/test.txt

Transfer timed out

I can get is /etc/passwd -

/* root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-network:x:100:102:systemd Network Management,:/run/systemd/netif:/usr/sbin/nologin systemd-resolve:x:101:103:systemd Resolver,:/run/systemd/resolve:/usr/sbin/nologin syslog:x:102:106::/home/syslog:/usr/sbin/nologin messagebus:x:103:107::/nonexistent:/usr/sbin/nologin _apt:x:104:65534::/nonexistent:/usr/sbin/nologin lxd:x:105:65534::/var/lib/lxd/:/bin/false uuidd:x:106:110::/run/uuidd:/usr/sbin/nologin dnsmasq:x:107:65534:dnsmasq,:/var/lib/misc:/usr/sbin/nologin landscape:x:108:112::/var/lib/landscape:/usr/sbin/nologin pollinate:x:109:1::/var/cache/pollinate:/bin/false mike:x:1000:1000:mike:/home/mike:/bin/bash tftp:x:110:113:tftp daemon,:/var/lib/tftpboot:/usr/sbin/nologin */

I do notice that there’s a user named “mike”, a gnats bug reporting system which I read that could be exploited, www-data user and finally the tftp.
I am only learning so I do not expect myself to own a box, hence the starting point. I’ve been scouring the net over things that might be useful but none is.
I tried going with dirsearch, gobuster, sqlmap on the “?file=” parameter, retrieving the /etc/shadow file, nmapping, masscan, automaternmap and a bunch of more things.

*only port 80 is open, couldn’t find anything else - maybe im using nmap incorrectly?

Seems like this is a technical issue. Tried this with another person and he succeeded in uploading the file. Meaning it’s on my end for some reason.
Hope this issue would be resolved soon.

Anyone got the same issue?

Tried reconnecting VPN, changing the hotspot, resetting the machine, but nothing works.


For some reason UFW was blocking outgoing TFTP traffic.

I’m stuck too. Connected to the server but cannot transfer the file. Tried resetting the machine but still stuck. Please help.

dude u resolved ? im having te same issue …

cant upload the file


I was running into the same issue, and spent way too much time debugging it. What seems to be happening: based on packet captures, outgoing requests are working, but tftp doesn’t seem to receive the replies. It might be bound to the wrong interface when using a VPN.

The only way I could make it work is using a pwnbox. From there, i was able to tftp into the machine with no problems.

Hope that helps,

Found the reason why it didn’t work over my VPN as well. My linode linux box hat all ports except for 22 blocked with a firewall. Check that your firewall doesn’t do something similar. Infos here: How to Configure a Firewall with UFW | Linode

In my case it was clearly the firewall. As long as you enabled the firewall and rules are set for incoming and outgoing connection, every time you play a new machine you may have to add, modify the rules based on the new machine’s IP and desired port to get shell or same goes to outgoing connection. In this case UDP outgoing connection.

When I found that the “tftp> put shell.php” is sent to remote server using the debugging methods but there is no confirmation that is is placed in the right directory, I though this should be firewall or ufw in linux.

I disabled the firewall with below command.
$sudo ufw disable

The shell can be updated and got the reverse shell back. Not sure how much it is recommended to disable the firewall but I’d only enable it when needed.

I am using parrot OS, HTB image. Hope this helps.