IMAP (Internet Message Access Protocol) Service Enumeration

IMAP (Internet Message Access Protocol)

At a Glance

Default Ports

  • IMAP: 143
  • IMAPS (IMAP over SSL): 993

IMAP is an application-layer protocol used by email clients to retrieve messages from a mail server. It was designed to manage multiple email clients, therefore clients generally leave messages on the server until the user explicitly deletes them. 1

Telnet

telnet 10.0.0.3 143

Netcat

nc -n 10.0.0.3 143

openssl 2

openssl s_client -connect 10.0.0.3:993
Parameters
  • s_client: SSL/TLS client program.

NTLM Information Disclosure

See SMTP NTLM Information Disclosure

Manually

telnet example.com 143
...
>> a1 AUTHENTICATE NTLM
+
>> TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
+ TlRMTVNTUAACAAAACgAKADgAAAAFgooCBqqVKFrKPCMAAAAAAAAAAEgASABCAAAABgOAJQAAAA9JAEkAUwAwADEAAgAKAEkASQBTADAAMQABAAoASQBJAFMAMAAxAAQACgBJAEkAUwAwADEAAwAKAEkASQBTADAAMQAHAAgAHwMI0VPy1QEAAAAA

imap-ntlm-info NSE Script

nmap -p 143,993 --script imap-ntlm-info 10.0.0.3

Refer to Exploits Search


  1. Contributors to Wikimedia projects. “Internet Message Access Protocol - Wikipedia.” Wikipedia, the Free Encyclopedia, Wikimedia Foundation, Inc., 7 Sept. 2001, https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol. ↩︎

  2. OpenSSL Foundation, Inc. “/Docs/Manmaster/Man1/Openssl.Html.” OpenSSL.Org, https://www.openssl.org/docs/manmaster/man1/openssl.html. ↩︎