IMAP And POP3
Table of Contents
IMAP (Internet Message Access Protocol)
port: 143 (unencrypted), 993 (encrypted SSL/TLS)
IMAP Commands
| Command | Description |
|---|
1 LOGIN username password | User's login. |
1 LIST "" * | Lists all directories. |
1 CREATE "INBOX" | Creates a mailbox with a specified name. |
1 DELETE "INBOX" | Deletes a mailbox. |
1 RENAME "ToRead" "Important" | Renames a mailbox. |
1 LSUB "" * | Returns a subset of names from the set of names that the User has declared as being active or subscribed. |
1 SELECT INBOX | Selects a mailbox so that messages in the mailbox can be accessed. |
1 UNSELECT INBOX | Exits the selected mailbox. |
1 FETCH <ID> all | Retrieves data associated with a message in the mailbox. |
1 CLOSE | Removes all messages with the Deleted flag set. |
1 LOGOUT | Closes the connection with the IMAP server. |
Logging into IMAP
Optional: turn on verbose -v for connection information
> curl -k 'imaps://10.129.14.128' --user user:p4ssw0rd
* LIST (\HasNoChildren) "." Important
* LIST (\HasNoChildren) "." INBOX
Interact with IMAP over openssl
> openssl s_client -connect 10.129.14.128:imaps
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = California, L = Sacramento, O = Inlanefreight, OU = Customer Support, CN = mail1.inlanefreight.htb, emailAddress = cry0l1t3@inlanefreight.htb
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = California, L = Sacramento, O = Inlanefreight, OU = Customer Support, CN = mail1.inlanefreight.htb, emailAddress = cry0l1t3@inlanefreight.htb
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = Sacramento, O = Inlanefreight, OU = Customer Support, CN = mail1.inlanefreight.htb, emailAddress = cry0l1t3@inlanefreight.htb
...SNIP...
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 2B7148CD1B7B92BA123E06E22831FCD3B365A5EA06B2CDEF1A5F397177130699
Session-ID-ctx:
Resumption PSK: 4D9F082C6660646C39135F9996DDA2C199C4F7E75D65FA5303F4A0B274D78CC5BD3416C8AF50B31A34EC022B619CC633
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 68 3b b6 68 ff 85 95 7c-8a 8a 16 b2 97 1c 72 24 h;.h...|......r$
0010 - 62 a7 84 ff c3 24 ab 99-de 45 60 26 e7 04 4a 7d b....$...E`&..J}
0020 - bc 6e 06 a0 ff f7 d7 41-b5 1b 49 9c 9f 36 40 8d .n.....A..I..6@.
0030 - 93 35 ed d9 eb 1f 14 d7-a5 f6 3f c8 52 fb 9f 29 .5........?.R..)
0040 - 89 8d de e6 46 95 b3 32-48 80 19 bc 46 36 cb eb ....F..2H...F6..
0050 - 35 79 54 4c 57 f8 ee 55-06 e3 59 7f 5e 64 85 b0 5yTLW..U..Y.^d..
0060 - f3 a4 8c a6 b6 47 e4 59-ee c9 ab 54 a4 ab 8c 01 .....G.Y...T....
0070 - 56 bb b9 bb 3b f6 96 74-16 c9 66 e2 6c 28 c6 12 V...;..t..f.l(..
0080 - 34 c7 63 6b ff 71 16 7f-91 69 dc 38 7a 47 46 ec 4.ck.q...i.8zGF.
0090 - 67 b7 a2 90 8b 31 58 a0-4f 57 30 6a b6 2e 3a 21 g....1X.OW0j..:!
00a0 - 54 c7 ba f0 a9 74 13 11-d5 d1 ec cc ea f9 54 7d T....t........T}
00b0 - 46 a6 33 ed 5d 24 ed b0-20 63 43 d8 8f 14 4d 62 F.3.]$.. cC...Mb
Start Time: 1632081604
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] HTB-Academy IMAP4 v.0.21.4
POP3 (Post Office Protocol version 3)
port: 110 (unencrypted), 995 (encrypted SSL/TLS)
POP3 Commands
| Command | Description |
|---|
USER username | Identifies the user. |
PASS password | Authentication of the user using its password. |
STAT | Requests the number of saved emails from the server. |
LIST | Requests from the server the number and size of all emails. |
RETR id | Requests the server to deliver the requested email by ID. |
DELE id | Requests the server to delete the requested email by ID. |
CAPA | Requests the server to display the server capabilities. |
RSET | Requests the server to reset the transmitted information. |
QUIT | Closes the connection with the POP3 server. |
Interact with POP3 over openssl
> openssl s_client -connect 10.129.14.128:pop3s
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = California, L = Sacramento, O = Inlanefreight, OU = Customer Support, CN = mail1.inlanefreight.htb, emailAddress = cry0l1t3@inlanefreight.htb
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = California, L = Sacramento, O = Inlanefreight, OU = Customer Support, CN = mail1.inlanefreight.htb, emailAddress = cry0l1t3@inlanefreight.htb
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = Sacramento, O = Inlanefreight, OU = Customer Support, CN = mail1.inlanefreight.htb, emailAddress = cry0l1t3@inlanefreight.htb
...SNIP...
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 3CC39A7F2928B252EF2FFA5462140B1A0A74B29D4708AA8DE1515BB4033D92C2
Session-ID-ctx:
Resumption PSK: 68419D933B5FEBD878FF1BA399A926813BEA3652555E05F0EC75D65819A263AA25FA672F8974C37F6446446BB7EA83F9
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - d7 86 ac 7e f3 f4 95 35-88 40 a5 b5 d6 a6 41 e4 ...~...5.@....A.
0010 - 96 6c e6 12 4f 50 ce 72-36 25 df e1 72 d9 23 94 .l..OP.r6%..r.#.
0020 - cc 29 90 08 58 1b 57 ab-db a8 6b f7 8f 31 5b ad .)..X.W...k..1[.
0030 - 47 94 f4 67 58 1f 96 d9-ca ca 56 f9 7a 12 f6 6d G..gX.....V.z..m
0040 - 43 b9 b6 68 de db b2 47-4f 9f 48 14 40 45 8f 89 C..h...GO.H.@E..
0050 - fa 19 35 9c 6d 3c a1 46-5c a2 65 ab 87 a4 fd 5e ..5.m<.F\.e....^
0060 - a2 95 25 d4 43 b8 71 70-40 6c fe 6f 0e d1 a0 38 ..%.C.qp@l.o...8
0070 - 6e bd 73 91 ed 05 89 83-f5 3e d9 2a e0 2e 96 f8 n.s......>.*....
0080 - 99 f0 50 15 e0 1b 66 db-7c 9f 10 80 4a a1 8b 24 ..P...f.|...J..$
0090 - bb 00 03 d4 93 2b d9 95-64 44 5b c2 6b 2e 01 b5 .....+..dD[.k...
00a0 - e8 1b f4 a4 98 a7 7a 7d-0a 80 cc 0a ad fe 6e b3 ......z}......n.
00b0 - 0a d6 50 5d fd 9a b4 5c-28 a4 c9 36 e4 7d 2a 1e ..P]...\(..6.}*.
Start Time: 1632081313
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
+OK HTB-Academy POP3 Server
Dangerous Configurations
| Setting | Description |
|---|
auth_debug | Enables all authentication debug logging. |
auth_debug_passwords | This setting adjusts log verbosity, the submitted passwords, and the scheme gets logged. |
auth_verbose | Logs unsuccessful authentication attempts and their reasons. |
auth_verbose_passwords | Passwords used for authentication are logged and can also be truncated. |
auth_anonymous_username | This specifies the username to be used when logging in with the ANONYMOUS SASL mechanism. |
- Functionality: Allows online management of emails directly on the mail server with support for folder structures.
- Client-Server Model: Enables synchronization between the local email client and the server, functioning like a network file system for emails.
- Features:
- Hierarchical Mailboxes: Organize emails into folders on the server.
- Multi-Client Access: Multiple users can access and manage emails simultaneously.
- Synchronization: Changes made on one client are reflected across all clients.
- Offline Mode: Some clients offer local copies that sync when reconnected.
- Security:
- Encryption: Often requires SSL/TLS to encrypt commands, emails, usernames, and passwords.
- Vulnerability: Without encryption, data is transmitted in plain text, posing security risks.
- Functionality: Primarily focuses on listing, retrieving, and deleting emails from the server.
- Client-Server Model: Downloads emails to the local client and typically removes them from the server.
- Features:
- Simple Operations: Limited to basic email management without support for server-side folder structures.
- Single-Client Access: Best suited for accessing emails from one device, as emails are usually removed from the server after download.
- Security:
- Encryption: Supports SSL/TLS to secure email transmission.
- Vulnerability: Unencrypted POP3 transmits data in plain text, making it susceptible to interception.
Key Differences from IMAP to POP3:
- Email Management: IMAP allows managing emails directly on the server with folder support, while POP3 downloads and typically deletes emails from the server.
- Synchronization: IMAP provides real-time synchronization across multiple clients, whereas POP3 is designed for single-client access.
- Storage: IMAP requires more server storage due to emails and folders being maintained on the server, whereas POP3 reduces server storage needs by downloading emails locally.
- Use Cases: IMAP is ideal for users accessing emails from multiple devices, ensuring consistency and synchronization. POP3 suits users who prefer to manage emails on a single device without needing server-side organization.