Hey guys! is it on purpose that the tftp service on port 69 on 10.10.10.55 machine is malfunctioning? I cannot transfer any files so I’m stuck on transferring test.txt :(… can someone shed some more light on the subject? maybe there’s another way to inject a reverse shell?
Thanks
I’m trying the following:
tftp 10.10.10.55
tftp> put ~/Desktop/test.txt
Transfer timed out
tftp>
I can get is /etc/passwd -
/* root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-network:x:100:102:systemd Network Management,:/run/systemd/netif:/usr/sbin/nologin systemd-resolve:x:101:103:systemd Resolver,:/run/systemd/resolve:/usr/sbin/nologin syslog:x:102:106::/home/syslog:/usr/sbin/nologin messagebus:x:103:107::/nonexistent:/usr/sbin/nologin _apt:x:104:65534::/nonexistent:/usr/sbin/nologin lxd:x:105:65534::/var/lib/lxd/:/bin/false uuidd:x:106:110::/run/uuidd:/usr/sbin/nologin dnsmasq:x:107:65534:dnsmasq,:/var/lib/misc:/usr/sbin/nologin landscape:x:108:112::/var/lib/landscape:/usr/sbin/nologin pollinate:x:109:1::/var/cache/pollinate:/bin/false mike:x:1000:1000:mike:/home/mike:/bin/bash tftp:x:110:113:tftp daemon,:/var/lib/tftpboot:/usr/sbin/nologin */
I do notice that there’s a user named “mike”, a gnats bug reporting system which I read that could be exploited, www-data user and finally the tftp.
I am only learning so I do not expect myself to own a box, hence the starting point. I’ve been scouring the net over things that might be useful but none is.
I tried going with dirsearch, gobuster, sqlmap on the “?file=” parameter, retrieving the /etc/shadow file, nmapping, masscan, automaternmap and a bunch of more things.
*only port 80 is open, couldn’t find anything else - maybe im using nmap incorrectly?