hacktricks/network-services-pentesting/pentesting-imap.md

# 143,993 - Pentesting IMAP

<details>

<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Ander maniere om HackTricks te ondersteun:

* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling van eksklusiewe [**NFT's**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.

</details>

**Try Hard Security Group**

<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>

{% embed url="https://discord.gg/tryhardsecurity" %}

***

## Internetboodskaptoegangprotokol

Die **Internetboodskaptoegangprotokol (IMAP)** is ontwerp met die doel om gebruikers in staat te stel om hul **e-posboodskappe vanaf enige plek te benader**, hoofsaaklik deur 'n internetverbinding. In essensie word e-posse **op 'n bediener bewaar** eerder as om afgelaai en gestoor te word op 'n individu se persoonlike toestel. Dit beteken dat wanneer 'n e-pos geopen of gelees word, dit direk vanaf die bediener gedoen word. Hierdie vermoë maak dit moontlik om gerieflik e-posse vanaf **verskeie toestelle** te kontroleer, en verseker dat geen boodskappe gemis word nie, ongeag die gebruikte toestel.

Standaard werk die IMAP-protokol op twee poorte:

* **Poort 143** - dit is die verstek IMAP nie-geënkripteerde poort
* **Poort 993** - dit is die poort wat jy moet gebruik as jy wil koppel met IMAP op 'n veilige manier
```
PORT    STATE SERVICE REASON
143/tcp open  imap    syn-ack
```
## Banier gryp
```bash
nc -nv <IP> 143
openssl s_client -connect <IP>:993 -quiet
```
### NTLM Auth - Inligtingsoffening

Indien die bediener NTLM-outentifisering ondersteun (Windows) kan jy sensitiewe inligting (weergawes) verkry:
```
root@kali: telnet example.com 143
* OK The Microsoft Exchange IMAP4 service is ready.
>> a1 AUTHENTICATE NTLM
+
>> TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
+ TlRMTVNTUAACAAAACgAKADgAAAAFgooCBqqVKFrKPCMAAAAAAAAAAEgASABCAAAABgOAJQAAAA9JAEkAUwAwADEAAgAKAEkASQBTADAAMQABAAoASQBJAFMAMAAxAAQACgBJAEkAUwAwADEAAwAKAEkASQBTADAAMQAHAAgAHwMI0VPy1QEAAAAA
```
Of **outomatiseer** dit met **nmap** invoegtoepassing `imap-ntlm-info.nse`

### [IMAP Bruteforce](../generic-methodologies-and-resources/brute-force.md#imap)

## Syntax

IMAP-opdragvoorbeelde van [hier](https://donsutherland.org/crib/imap):
```
Login
A1 LOGIN username password
Values can be quoted to enclose spaces and special characters. A " must then be escape with a \
A1 LOGIN "username" "password"

List Folders/Mailboxes
A1 LIST "" *
A1 LIST INBOX *
A1 LIST "Archive" *

Create new Folder/Mailbox
A1 CREATE INBOX.Archive.2012
A1 CREATE "To Read"

Delete Folder/Mailbox
A1 DELETE INBOX.Archive.2012
A1 DELETE "To Read"

Rename Folder/Mailbox
A1 RENAME "INBOX.One" "INBOX.Two"

List Subscribed Mailboxes
A1 LSUB "" *

Status of Mailbox (There are more flags than the ones listed)
A1 STATUS INBOX (MESSAGES UNSEEN RECENT)

Select a mailbox
A1 SELECT INBOX

List messages
A1 FETCH 1:* (FLAGS)
A1 UID FETCH 1:* (FLAGS)

Retrieve Message Content
A1 FETCH 2 body[text]
A1 FETCH 2 all
A1 UID FETCH 102 (UID RFC822.SIZE BODY.PEEK[])

Close Mailbox
A1 CLOSE

Logout
A1 LOGOUT
```
### Evolusie
```
apt install evolution
```
![](<../.gitbook/assets/image (528).png>)

### CURL

Basiese navigasie is moontlik met [CURL](https://ec.haxx.se/usingcurl/usingcurl-reademail#imap), maar die dokumentasie is skaars oor die besonderhede, dus word dit aanbeveel om die [bron](https://github.com/curl/curl/blob/master/lib/imap.c) te raadpleeg vir presiese besonderhede.

1. Lys van posbusse (imap-opdrag `LIST "" "*"`)
```bash
curl -k 'imaps://1.2.3.4/' --user user:pass
```
2. Lys van boodskappe in 'n posbus (imap-opdrag `SELECT INBOX` en dan `SEARCH ALL`)
```bash
curl -k 'imaps://1.2.3.4/INBOX?ALL' --user user:pass
```
Die resultaat van hierdie soektog is 'n lys van boodskapindekse.

Dit is ook moontlik om meer komplekse soekterme te verskaf. bv. soek na konsepte met wagwoord in e-pos liggaam:
```bash
curl -k 'imaps://1.2.3.4/Drafts?TEXT password' --user user:pass
```
'n Goeie oorsig van die soekterme moontlik is geleë [hier](https://www.atmail.com/blog/imap-commands/).

3. Die aflaai van 'n boodskap (imap bevel `SELECT Drafts` en dan `FETCH 1 BODY[]`)
```bash
curl -k 'imaps://1.2.3.4/Drafts;MAILINDEX=1' --user user:pass
```
Die e-pos indeks sal dieselfde indeks wees wat teruggegee word deur die soekoperasie.

Dit is ook moontlik om `UID` (unieke id) te gebruik om boodskappe te benader, maar dit is minder gerieflik aangesien die soekbevel handmatig geformateer moet word. Byvoorbeeld:
```bash
curl -k 'imaps://1.2.3.4/INBOX' -X 'UID SEARCH ALL' --user user:pass
curl -k 'imaps://1.2.3.4/INBOX;UID=1' --user user:pass
```
Ook moontlik om net dele van 'n boodskap af te laai, bv. onderwerp en afstuurder van die eerste 5 boodskappe (die `-v` is nodig om die onderwerp en afstuurder te sien):
```bash
$ curl -k 'imaps://1.2.3.4/INBOX' -X 'FETCH 1:5 BODY[HEADER.FIELDS (SUBJECT FROM)]' --user user:pass -v 2>&1 | grep '^<'
```
Alhoewel, dit is waarskynlik skoner om net 'n klein for-lus te skryf:
```bash
for m in {1..5}; do
echo $m
curl "imap://1.2.3.4/INBOX;MAILINDEX=$m;SECTION=HEADER.FIELDS%20(SUBJECT%20FROM)" --user user:pass
done
```
## Shodan

* `port:143 CAPABILITY`
* `port:993 CAPABILITY`

**Probeer Hard Security Group**

<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>

{% embed url="https://discord.gg/tryhardsecurity" %}

## HackTricks Outomatiese Opdragte
```
Protocol_Name: IMAP    #Protocol Abbreviation if there is one.
Port_Number:  143,993     #Comma separated if there is more than one.
Protocol_Description: Internet Message Access Protocol         #Protocol Abbreviation Spelled out

Entry_1:
Name: Notes
Description: Notes for WHOIS
Note: |
The Internet Message Access Protocol (IMAP) is designed for the purpose of enabling users to access their email messages from any location, primarily through an Internet connection. In essence, emails are retained on a server rather than being downloaded and stored on an individual's personal device. This means that when an email is accessed or read, it is done directly from the server. This capability allows for the convenience of checking emails from multiple devices, ensuring that no messages are missed regardless of the device used.

https://book.hacktricks.xyz/pentesting/pentesting-imap

Entry_2:
Name: Banner Grab
Description: Banner Grab 143
Command: nc -nv {IP} 143

Entry_3:
Name: Secure Banner Grab
Description: Banner Grab 993
Command: openssl s_client -connect {IP}:993 -quiet

Entry_4:
Name: consolesless mfs enumeration
Description: IMAP enumeration without the need to run msfconsole
Note: sourced from https://github.com/carlospolop/legion
Command: msfconsole -q -x 'use auxiliary/scanner/imap/imap_version; set RHOSTS {IP}; set RPORT 143; run; exit'
```
<details>

<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Ander maniere om HackTricks te ondersteun:

* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Deel jou hacking-truuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.

</details>
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			`# 143,993 - Pentesting IMAP`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Ander maniere om HackTricks te ondersteun:`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`* As jy wil sien dat jou maatskappy geadverteer word in HackTricks of HackTricks aflaai in PDF-formaat Kyk na die [INSKRYWINGSPLANNE](https://github.com/sponsors/carlospolop)!`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`* Kry die [amptelike PEASS & HackTricks swag](https://peass.creator-spring.com)`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:38:35 +00:00			`* Ontdek [Die PEASS Familie](https://opensea.io/collection/the-peass-family), ons versameling van eksklusiewe [NFT's](https://opensea.io/collection/the-peass-family)`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`* Sluit aan by die 💬 [Discord-groep](https://discord.gg/hRep4RUj7f) of die [telegram-groep](https://t.me/peass) of volg ons op Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks\_live).`
			`* Deel jou haktruuks deur PR's in te dien by die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github-opslag.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`

Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:38:35 +00:00			`Try Hard Security Group`

			`<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>`

			`{% embed url="https://discord.gg/tryhardsecurity" %}`

			`***`

Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`## Internetboodskaptoegangprotokol`
intruder 2023-09-02 23:48:41 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:38:35 +00:00			Die Internetboodskaptoegangprotokol (IMAP) is ontwerp met die doel om gebruikers in staat te stel om hul e-posboodskappe vanaf enige plek te benader, hoofsaaklik deur 'n internetverbinding. In essensie word e-posse op 'n bediener bewaar eerder as om afgelaai en gestoor te word op 'n individu se persoonlike toestel. Dit beteken dat wanneer 'n e-pos geopen of gelees word, dit direk vanaf die bediener gedoen word. Hierdie vermoë maak dit moontlik om gerieflik e-posse vanaf verskeie toestelle te kontroleer, en verseker dat geen boodskappe gemis word nie, ongeag die gebruikte toestel.
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Standaard werk die IMAP-protokol op twee poorte:`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`* Poort 143 - dit is die verstek IMAP nie-geënkripteerde poort`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:38:35 +00:00			`* Poort 993 - dit is die poort wat jy moet gebruik as jy wil koppel met IMAP op 'n veilige manier`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`PORT STATE SERVICE REASON`
			`143/tcp open imap syn-ack`
			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`## Banier gryp`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`nc -nv <IP> 143`
			`openssl s_client -connect <IP>:993 -quiet`
			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`### NTLM Auth - Inligtingsoffening`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`Indien die bediener NTLM-outentifisering ondersteun (Windows) kan jy sensitiewe inligting (weergawes) verkry:`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`root@kali: telnet example.com 143`
			`* OK The Microsoft Exchange IMAP4 service is ready.`
			`>> a1 AUTHENTICATE NTLM`
			`+`
			`>> TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`+ TlRMTVNTUAACAAAACgAKADgAAAAFgooCBqqVKFrKPCMAAAAAAAAAAEgASABCAAAABgOAJQAAAA9JAEkAUwAwADEAAgAKAEkASQBTADAAMQABAAoASQBJAFMAMAAxAAQACgBJAEkAUwAwADEAAwAKAEkASQBTADAAMQAHAAgAHwMI0VPy1QEAAAAA`
			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			Of outomatiseer dit met nmap invoegtoepassing `imap-ntlm-info.nse`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			`### [IMAP Bruteforce](../generic-methodologies-and-resources/brute-force.md#imap)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`## Syntax`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`IMAP-opdragvoorbeelde van [hier](https://donsutherland.org/crib/imap):`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`Login`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 LOGIN username password`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`Values can be quoted to enclose spaces and special characters. A " must then be escape with a \`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 LOGIN "username" "password"`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`List Folders/Mailboxes`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 LIST "" *`
			`A1 LIST INBOX *`
			`A1 LIST "Archive" *`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`Create new Folder/Mailbox`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 CREATE INBOX.Archive.2012`
			`A1 CREATE "To Read"`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`Delete Folder/Mailbox`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 DELETE INBOX.Archive.2012`
			`A1 DELETE "To Read"`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`Rename Folder/Mailbox`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 RENAME "INBOX.One" "INBOX.Two"`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`List Subscribed Mailboxes`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 LSUB "" *`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`Status of Mailbox (There are more flags than the ones listed)`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 STATUS INBOX (MESSAGES UNSEEN RECENT)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`Select a mailbox`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 SELECT INBOX`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`List messages`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 FETCH 1:* (FLAGS)`
			`A1 UID FETCH 1:* (FLAGS)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`Retrieve Message Content`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 FETCH 2 body[text]`
			`A1 FETCH 2 all`
			`A1 UID FETCH 102 (UID RFC822.SIZE BODY.PEEK[])`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`Close Mailbox`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 CLOSE`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`Logout`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`A1 LOGOUT`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`### Evolusie`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] one page and one asset modified 2021-05-31 23:28:35 +00:00			`apt install evolution`
			```
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`![](<../.gitbook/assets/image (528).png>)`
GitBook: [master] one page and one asset modified 2021-05-31 23:28:35 +00:00
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			`### CURL`
describe imap usage with curl 2020-12-21 13:41:29 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`Basiese navigasie is moontlik met [CURL](https://ec.haxx.se/usingcurl/usingcurl-reademail#imap), maar die dokumentasie is skaars oor die besonderhede, dus word dit aanbeveel om die [bron](https://github.com/curl/curl/blob/master/lib/imap.c) te raadpleeg vir presiese besonderhede.`
GitBook: [master] 10 pages and 25 assets modified 2020-12-21 17:07:56 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			1. Lys van posbusse (imap-opdrag `LIST "" "*"`)
a 2024-02-08 21:36:15 +00:00			```bash
			`curl -k 'imaps://1.2.3.4/' --user user:pass`
			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			2. Lys van boodskappe in 'n posbus (imap-opdrag `SELECT INBOX` en dan `SEARCH ALL`)
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			```bash
a 2024-02-08 21:36:15 +00:00			`curl -k 'imaps://1.2.3.4/INBOX?ALL' --user user:pass`
			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`Die resultaat van hierdie soektog is 'n lys van boodskapindekse.`
GitBook: [master] 10 pages and 25 assets modified 2020-12-21 17:07:56 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`Dit is ook moontlik om meer komplekse soekterme te verskaf. bv. soek na konsepte met wagwoord in e-pos liggaam:`
a 2024-02-08 21:36:15 +00:00			```bash
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`curl -k 'imaps://1.2.3.4/Drafts?TEXT password' --user user:pass`
a 2024-02-08 21:36:15 +00:00			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`'n Goeie oorsig van die soekterme moontlik is geleë [hier](https://www.atmail.com/blog/imap-commands/).`
GitBook: [master] 10 pages and 25 assets modified 2020-12-21 17:07:56 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:38:35 +00:00			3. Die aflaai van 'n boodskap (imap bevel `SELECT Drafts` en dan `FETCH 1 BODY[]`)
a 2024-02-08 21:36:15 +00:00			```bash
			`curl -k 'imaps://1.2.3.4/Drafts;MAILINDEX=1' --user user:pass`
			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`Die e-pos indeks sal dieselfde indeks wees wat teruggegee word deur die soekoperasie.`
GitBook: [master] 10 pages and 25 assets modified 2020-12-21 17:07:56 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			Dit is ook moontlik om `UID` (unieke id) te gebruik om boodskappe te benader, maar dit is minder gerieflik aangesien die soekbevel handmatig geformateer moet word. Byvoorbeeld:
GitBook: [master] 10 pages and 25 assets modified 2020-12-21 17:07:56 +00:00			```bash
a 2024-02-08 21:36:15 +00:00			`curl -k 'imaps://1.2.3.4/INBOX' -X 'UID SEARCH ALL' --user user:pass`
			`curl -k 'imaps://1.2.3.4/INBOX;UID=1' --user user:pass`
describe imap usage with curl 2020-12-21 13:41:29 +00:00			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			Ook moontlik om net dele van 'n boodskap af te laai, bv. onderwerp en afstuurder van die eerste 5 boodskappe (die `-v` is nodig om die onderwerp en afstuurder te sien):
GitBook: [master] 10 pages and 25 assets modified 2020-12-21 17:07:56 +00:00			```bash
describe imap usage with curl 2020-12-21 13:41:29 +00:00			`$ curl -k 'imaps://1.2.3.4/INBOX' -X 'FETCH 1:5 BODY[HEADER.FIELDS (SUBJECT FROM)]' --user user:pass -v 2>&1 \| grep '^<'`
			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:38:35 +00:00			`Alhoewel, dit is waarskynlik skoner om net 'n klein for-lus te skryf:`
a 2024-02-08 21:36:15 +00:00			```bash
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`for m in {1..5}; do`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`echo $m`
			`curl "imap://1.2.3.4/INBOX;MAILINDEX=$m;SECTION=HEADER.FIELDS%20(SUBJECT%20FROM)" --user user:pass`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`done`
describe imap usage with curl 2020-12-21 13:41:29 +00:00			```
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			`## Shodan`
GitBook: [master] 378 pages modified 2020-10-05 13:04:03 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:38:35 +00:00			* `port:143 CAPABILITY`
			* `port:993 CAPABILITY`

			`Probeer Hard Security Group`

			`<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>`

			`{% embed url="https://discord.gg/tryhardsecurity" %}`
HAC imap 2021-08-12 13:02:06 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`## HackTricks Outomatiese Opdragte`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`Protocol_Name: IMAP #Protocol Abbreviation if there is one.`
			`Port_Number: 143,993 #Comma separated if there is more than one.`
			`Protocol_Description: Internet Message Access Protocol #Protocol Abbreviation Spelled out`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`Entry_1:`
			`Name: Notes`
			`Description: Notes for WHOIS`
			`Note: \|`
			The Internet Message Access Protocol (IMAP) is designed for the purpose of enabling users to access their email messages from any location, primarily through an Internet connection. In essence, emails are retained on a server rather than being downloaded and stored on an individual's personal device. This means that when an email is accessed or read, it is done directly from the server. This capability allows for the convenience of checking emails from multiple devices, ensuring that no messages are missed regardless of the device used.
Translated to Afrikaans 2024-02-11 02:07:06 +00:00
			`https://book.hacktricks.xyz/pentesting/pentesting-imap`

Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`Entry_2:`
			`Name: Banner Grab`
			`Description: Banner Grab 143`
			`Command: nc -nv {IP} 143`
intruder 2023-09-02 23:48:41 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`Entry_3:`
			`Name: Secure Banner Grab`
			`Description: Banner Grab 993`
			`Command: openssl s_client -connect {IP}:993 -quiet`
intruder 2023-09-02 23:48:41 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`Entry_4:`
			`Name: consolesless mfs enumeration`
			`Description: IMAP enumeration without the need to run msfconsole`
			`Note: sourced from https://github.com/carlospolop/legion`
			`Command: msfconsole -q -x 'use auxiliary/scanner/imap/imap_version; set RHOSTS {IP}; set RPORT 143; run; exit'`
			```
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00			`<details>`

Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`Ander maniere om HackTricks te ondersteun:`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`* As jy jou maatskappy geadverteer wil sien in HackTricks of HackTricks in PDF wil aflaai Kyk na die [INSKRYWINGSPLANNE](https://github.com/sponsors/carlospolop)!`
			`* Kry die [amptelike PEASS & HackTricks swag](https://peass.creator-spring.com)`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:38:35 +00:00			`* Ontdek [Die PEASS Familie](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [NFTs](https://opensea.io/collection/the-peass-family)`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`* Sluit aan by die 💬 [Discord-groep](https://discord.gg/hRep4RUj7f) of die [telegram-groep](https://t.me/peass) of volg ons op Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks\_live).`
			`* Deel jou hacking-truuks deur PR's in te dien by die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github-opslag.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`