📒
My Pentesting Cheatsheet
  • Home
  • Commands Only Summary
    • Some other cool websites
  • Preparation
    • Documents
    • Contract - Checklist
    • Rules of Engagement - Checklist
    • Contractors Agreement - Checklist for Physical Assessments
  • Information Gathering
  • Vulnerability Assessment
  • Pentesting Machine
  • Enumeration
    • NMAP Scan types explained
    • Firewall and IDS/IPS Evasion
  • Footprinting
    • Google Dorks
    • Samba (smb)
    • NFS
    • DNS
    • SMTP
    • IMAP/POP3
    • SNMP
    • MySQL
    • MSSQL
    • Oracle TNS
    • IPMI
    • SSH
    • RDP
    • WinRM
  • Web Information Gathering
    • Whois
    • DNS & Subdomains
    • Fingerprinting
    • Crawlers
    • Search Engine Discovery
    • Automating Recon
  • Vulnerability Assessment
  • File Transfers
    • Windows Target
    • Linux Target
    • Transferring Files with Code
    • Miscellaneous File Transfer Methods
    • Protected Files Transfer
    • Catching Files over HTTP/S (Nginx)
    • Living Off The Land
    • Evading Detection
  • Shells & Payloads
    • Reverse Shells + Bind + Web
  • Password Attacks
    • John the ripper
    • Remote password attacks
    • Password mutations
    • Password Reuse / Default Passwords
    • Windows Local Password Attacks
    • Linux Local Password Attacks
    • Windows Lateral Movement
    • Cracking Files
  • Attacking Common Services
    • FTP
    • SMB
    • SQL
    • RDP
    • DNS
    • Email Services
  • Pivoting, Tunneling, and Port Forwarding
    • Choosing The Dig Site & Starting Our Tunnels
    • Playing Pong with Socat
    • Pivoting Around Obstacles
    • Branching Out Our Tunnels
    • Double Pivots
    • Final considerations
  • Active Directory Enumeration & Attacks
    • Initial Enumeration
    • Sniffing out a Foothold
    • Sighting In, Hunting For A User
    • Spray Responsibly
    • Deeper Down the Rabbit Hole
    • Kerberoasting - Cooking with Fire
    • Access Control List (ACL)
    • Advanced Privilege Escalation in Active Directory: Stacking The Deck
    • Domain trusts
    • Domain Trusts - Cross Forest
    • Defensive Considerations
  • Using Web Proxies
  • Login Brute Forcing
  • SQL Injection Fundamentals
    • Mitigating SQL Injection
  • SQLMap Essentials
    • Building Attacks
    • Database Enumeration
    • Advanced SQLMap Usage
  • Cross-Site Scripting (XSS)
    • Prevention
  • File Inclusion
  • File Upload Attacks
    • Basic Exploitation
    • Bypassing Filters
    • Other Upload Attacks
    • Prevention
  • Command Injections
    • Exploitation
    • Filter Evasion
  • Web Attacks
    • HTTP Verb Tampering
    • Insecure Direct Object References (IDOR)
    • XML External Entity (XXE) Injection
    • GraphQL
  • Attacking Common Applications
    • Application Discovery & Enumeration
    • Content Management Systems (CMS)
    • Servlet Containers/Software Development
    • Infrastructure/Network Monitoring Tools
    • Customer Service Mgmt & Configuration Management
    • Common Gateway Interfaces
    • Thick Client Applications
    • Miscellaneous Applications
  • Privilege Escalation
    • Linux Privilege Escalation
      • Information Gathering
      • Environment-based Privilege Escalation
      • Service-based Privilege Escalation
      • Linux Internals-based Privilege Escalation
      • Recent 0-Days
      • Linux Hardening
    • Windows Privilege Escalation
      • Getting the Lay of the Land
      • Windows User Privileges
      • Windows Group Privileges
      • Attacking the OS
      • Credential Theft
      • Restricted Environments
      • Additional Techniques
      • Dealing with End of Life Systems
      • Windows Hardening
    • Windows (old page)
  • Documentation & Reporting
    • Preparation
    • Reporting
  • Attacking Enterprise Networks
    • Pre-Engagement
    • External Testing
    • Internal Testing
    • Lateral Movement & Privilege Escalation
    • Wrapping Up
  • Deobfuscation
  • Metasploit
    • msfvenom
  • Custom compiled files
  • XSS
  • Azure AD (Entra ID)
Powered by GitBook
On this page

Last updated 8 months ago

IMAP Commands

1 FETCH 1:* full to get most information

1 FETCH 1:* BODY[TEXT] to get the text in the body

POP3 Commands

Dangerous Configuration settings

Tools

nmap with default scripts

curl curl -k 'imaps://<IP>' --user user:p4ssw0rd

OpenSSL for encrypted interactions:

  • openssl s_client -connect 10.129.14.128:pop3s

  • openssl s_client -connect 10.129.14.128:imaps

Command

Description

1 LOGIN username password

User's login.

1 LIST "" *

Lists all directories.

1 CREATE "INBOX"

Creates a mailbox with a specified name.

1 DELETE "INBOX"

Deletes a mailbox.

1 RENAME "ToRead" "Important"

Renames a mailbox.

1 LSUB "" *

Returns a subset of names from the set of names that the User has declared as being active or subscribed.

1 SELECT INBOX

Selects a mailbox so that messages in the mailbox can be accessed.

1 UNSELECT INBOX

Exits the selected mailbox.

1 FETCH <ID> all

Retrieves data associated with a message in the mailbox.

1 CLOSE

Removes all messages with the Deleted flag set.

1 LOGOUT

Closes the connection with the IMAP server.

Command

Description

USER username

Identifies the user.

PASS password

Authentication of the user using its password.

STAT

Requests the number of saved emails from the server.

LIST

Requests from the server the number and size of all emails.

RETR id

Requests the server to deliver the requested email by ID.

DELE id

Requests the server to delete the requested email by ID.

CAPA

Requests the server to display the server capabilities.

RSET

Requests the server to reset the transmitted information.

QUIT

Closes the connection with the POP3 server.

Setting

Description

auth_debug

Enables all authentication debug logging.

auth_debug_passwords

This setting adjusts log verbosity, the submitted passwords, and the scheme gets logged.

auth_verbose

Logs unsuccessful authentication attempts and their reasons.

auth_verbose_passwords

Passwords used for authentication are logged and can also be truncated.

auth_anonymous_username

This specifies the username to be used when logging in with the ANONYMOUS SASL mechanism.

  1. Footprinting

IMAP/POP3

IMAP on ports: TCP/143 or TCP/993 | POP3 on ports: TCP/110 and TCP/995

PreviousSMTPNextSNMP
  • IMAP Commands
  • POP3 Commands
  • Dangerous Configuration settings
  • Tools