DiscordHackTheBoxTryHackMeGitHub

IMAP / POP3

About

IMAP (Internet Message Access Protocol) and POP3 (Post Office Protocol version 3) are two email retrieval protocols that allow users to access their emails from a mail server.

IMAP VS POP3

IMAP:

  • Two-way sync: Messages are stored on the mail server, and changes (read/unread, deleted, folders) are synced across devices.

  • Multiple device access: Emails remain on the server, allowing access from multiple devices (e.g., phone, desktop).

  • More resource-heavy: Requires more storage and bandwidth since messages remain on the server.

POP3:

  • One-way download: Emails are downloaded from the server to a single device and typically deleted from the server.

  • Limited device access: Emails are only stored on the device they were downloaded to, not synced across devices.

  • Lighter on resources: Efficient for local storage but lacks the flexibility of syncing changes across devices.

Summary:

  • IMAP is ideal for multi-device email access with real-time synchronization.

  • POP3 is better for single-device use with local storage.

IMAP Commands

Command
Description

LOGIN username password

User's login

LIST "" *

Lists all directories

CREATE "INBOX"

Creates a mailbox with a specified name

DELETE "INBOX"

Deletes a mailbox

RENAME "ToRead" "Important"

Renames a mailbox

SELECT INBOX

Selects a mailbox so that messages in the mailbox can be accessed

UNSELECT INBOX

Exits the selected mailbox

FETCH <ID> all

Retrieves data associated with a message in the mailbox

CLOSE

Removes all messages with the Deleted flag set

LOGOUT

Closes the connection with the IMAP server

POP3 Commands

Command
Description

USER username

Identifies the user

PASS password

Authentication of the user using its password

STAT

Requests the number of saved emails from the server

LIST

Requests from the server the number and size of all emails

RETR id

Requests the server to deliver the requested email by ID

DELE id

Requests the server to delete the requested email by ID

CAPA

Requests the server to display the server capabilities

RSET

Requests the server to reset the transmitted information

QUIT

Closes the connection with the POP3 server

Dangerous Settings

  • auth_debug - Enables all authentication debug logging.

  • auth_debug_passwords - This setting adjusts log verbosity, the submitted passwords, and the scheme gets logged.

  • auth_verbose - Logs unsuccessful authentication attempts and their reasons.

  • auth_verbose_passwords - Passwords used for authentication are logged and can also be truncated.

  • auth_anonymous_username - This specifies the username to be used when logging in with the ANONYMOUS SASL mechanism.

Tips2Hack

  1. By default, ports 110, 143, 993, and 995 are used for IMAP and POP3

  2. Nmap - basic footprinting

sudo nmap 13.13.13.13 -sV -p110,143,993,995 -sC

  1. IMAP - Curl List mailboxes

curl -k 'imaps://13.13.13.13' --user user:p4ssw0rd

  1. OpenSSL - TLS Encypted Interaction POP3

openssl s_client -connect 13.13.13.13:pop3s
PreviousSMTPNextRSYNC

Last updated