143,993 - Pentesting imap

Internet Message Access Protocol as its name implies, IMAP allows you to access your email messages wherever you are; much of the time, it is accessed via the Internet. Basically, email messages are stored on servers. Whenever you check your inbox, your email client contacts the server to connect you with your messages. When you read an email message using IMAP, you aren't actually downloading or storing it on your computer; instead, you are reading it off of the server. As a result, it's possible to check your email from several different devices without missing a thing.

By default, the IMAP protocol works on two ports:

Port 143 - this is the default IMAP non-encrypted port
Port 993 - this is the port you need to use if you want to connect using IMAP securely

nmap

sudo nmap -p 143,993 -sC -sV $IP
|->
143/tcp open   imap    hMailServer imapd
|_imap-capabilities: CHILDREN IDLE NAMESPACE QUOTA OK ACL RIGHTS=texkA0001 IMAP4rev1 SORT completed IMAP4 CAPABILITY

sudo nmap -sV --script imap-brute -p 143 $IP

NTLM Auth - Information disclosure

sudo nmap -sV --script imap-ntlm-info -p 143 $IP

bruteforce

check bruteforce page for ideas

nc -nv <IP> 143
openssl s_client -connect <IP>:993 -quiet

143,993 - Pentesting imap

nmap

NTLM Auth - Information disclosure

bruteforce

banner grabbing