143,993-IMAP

The Internet Message Access Protocol (IMAP) is a more advanced protocol that allows users to manage emails directly on the server, syncing changes across multiple devices. It supports features like email organization into folders and preselection, offering a more flexible and efficient email experience.

Default Port: 143,993(ssl)

Banner grabbing

nc -nv $IP 143
openssl s_client -connect $IP:imaps

Nmap

Nmap is a network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on computer network by sending packets and analyzing the responses.

Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.

# Default NSE
sudo nmap -sCV -p143,993 $IP

IMAP Commands

To interact with the IMAP, use the telnet tool to establish a connection with the server.

Command	Description
1 LOGIN username password	Login with Credentials
1 LIST "" *	List all directories
1 CREATE "example.INBOX"	Create mailbox
1 DELETE "example.INBOX"	Delete mailbox
1 RENAME "example.INBOX" "Important"	Rename mailbox
1 LSUB "" *	List subscribed mailbox
1 SELECT example.INBOX	Select a mailbox
1 UNSELECT example.INBOX	Exit from selected mailbox
1 FETCH <ID> all	Retrieve message content
1 CLOSE	Close mailbox
1 LOGOUT	Logout

Dangerous settings

While most companies use third-party email providers like Google or Microsoft, some still maintain their own mail servers for various reasons. These settings apply to both POP3 and IMAP protocols.

Setting	Description
auth_debug	Enables all authentication debug logging.
auth_debug_passwords	Increases log verbosity to include submitted passwords and the authentication scheme used.
auth_verbose	Logs failed authentication attempts along with the reasons for failure.
auth_verbose_passwords	Passwords used for authentication are logged and can also be truncated.
auth_anonymous_username	Specifies the username to use when logging in with the ANONYMOUS SASL authentication method.