Internet Message Access Protocol / Post Office Protocol

Footprinting The Service

Nmap

sudo nmap 10.129.14.128 -sV -p110,143,993,995 -sC

Curl

curl -k 'imaps://10.129.14.128' --user user:p4ssw0rd

curl -k 'imaps://10.129.14.128' --user cry0l1t3:1234 -v

Verbosity to show CN & domain & Versioning

Reading Messages

OpenSSL - TLS Encrypted Interaction IMAP

openssl s_client -connect 10.129.14.128:imaps

Authenticating

1 LOGIN robin robin

Listing

1 LIST "" *

Selecting For Use

1 SELECT DEV.DEPARTMENT.INT

Fetching All Messages

f fetch 1:* BODY[]

In This Case Only 1 Message was in the Inbox

Dangerous Settings

Setting	Description
auth_debug	Enables all authentication debug logging.
auth_debug_passwords	This setting adjusts log verbosity, the submitted passwords, and the scheme gets logged.
auth_verbose	Logs unsuccessful authentication attempts and their reasons.
auth_verbose_passwords	Passwords used for authentication are logged and can also be truncated.
auth_anonymous_username	This specifies the username to be used when logging in with the ANONYMOUS SASL mechanism.