My Pentesting Cheatsheet

Home
Commands Only Summary
- Some other cool websites
Preparation
Information Gathering
Vulnerability Assessment
Pentesting Machine
Enumeration
- NMAP Scan types explained
- Firewall and IDS/IPS Evasion
Footprinting
Web Information Gathering
Vulnerability Assessment
File Transfers
Shells & Payloads
- Reverse Shells + Bind + Web
Password Attacks
Attacking Common Services
Pivoting, Tunneling, and Port Forwarding
Active Directory Enumeration & Attacks
Using Web Proxies
Login Brute Forcing
SQL Injection Fundamentals
- Mitigating SQL Injection
SQLMap Essentials
Cross-Site Scripting (XSS)
- Prevention
File Inclusion
File Upload Attacks
Command Injections
- Exploitation
- Filter Evasion
Web Attacks
Attacking Common Applications
Privilege Escalation
Documentation & Reporting
- Preparation
- Reporting
Attacking Enterprise Networks
Deobfuscation
Metasploit
- msfvenom
Custom compiled files
XSS
Azure AD (Entra ID)

Powered by GitBook

On this page

Last updated 8 months ago

IMAP Commands

1 FETCH 1:* full to get most information

1 FETCH 1:* BODY[TEXT] to get the text in the body

POP3 Commands

Dangerous Configuration settings

Tools

nmap with default scripts

curl curl -k 'imaps://<IP>' --user user:p4ssw0rd

OpenSSL for encrypted interactions:

openssl s_client -connect 10.129.14.128:pop3s
openssl s_client -connect 10.129.14.128:imaps

Command

Description

1 LOGIN username password

User's login.

1 LIST "" *

Lists all directories.

1 CREATE "INBOX"

Creates a mailbox with a specified name.

1 DELETE "INBOX"

Deletes a mailbox.

1 RENAME "ToRead" "Important"

Renames a mailbox.

1 LSUB "" *

Returns a subset of names from the set of names that the User has declared as being active or subscribed.

1 SELECT INBOX

Selects a mailbox so that messages in the mailbox can be accessed.

1 UNSELECT INBOX

Exits the selected mailbox.

1 FETCH <ID> all

Retrieves data associated with a message in the mailbox.

1 CLOSE

Removes all messages with the Deleted flag set.

1 LOGOUT

Closes the connection with the IMAP server.

Command

Description

USER username

Identifies the user.

PASS password

Authentication of the user using its password.

STAT

Requests the number of saved emails from the server.

LIST

Requests from the server the number and size of all emails.

RETR id

Requests the server to deliver the requested email by ID.

DELE id

Requests the server to delete the requested email by ID.

CAPA

Requests the server to display the server capabilities.

RSET

Requests the server to reset the transmitted information.

QUIT

Closes the connection with the POP3 server.

Setting

Description

auth_debug

Enables all authentication debug logging.

auth_debug_passwords

This setting adjusts log verbosity, the submitted passwords, and the scheme gets logged.

auth_verbose

Logs unsuccessful authentication attempts and their reasons.

auth_verbose_passwords

Passwords used for authentication are logged and can also be truncated.

auth_anonymous_username

This specifies the username to be used when logging in with the ANONYMOUS SASL mechanism.

Footprinting

IMAP/POP3

IMAP on ports: TCP/143 or TCP/993 | POP3 on ports: TCP/110 and TCP/995

PreviousSMTP NextSNMP

IMAP Commands
POP3 Commands
Dangerous Configuration settings
Tools