Skip to content

IMAP POP3

ℹ️ Informations

  • 🌐 Website: HackTheBox
  • 📚 Module: Footprinting
  • 🔗 Link: IMAP POP3

Question

Figure out the exact organization name from the IMAP/POP3 service and submit it as the answer.

📋 Walkthrough

Let's nmap the target on in scope ports

sudo nmap 10.129.205.130 -sV -p110,143,993,995 -sC

PORT    STATE SERVICE  VERSION
110/tcp open  pop3     Dovecot pop3d
|_pop3-capabilities: SASL CAPA RESP-CODES TOP STLS AUTH-RESP-CODE PIPELINING UIDL
| ssl-cert: Subject: commonName=***.inlanefreight.htb/organizationName=In*********** ***/stateOrProvinceName=London/countryName=UK
| Not valid before: 2021-11-08T23:10:05
|_Not valid after:  2295-08-23T23:10:05
143/tcp open  imap     Dovecot imapd
| ssl-cert: Subject: commonName=***.inlanefreight.htb/organizationName=In*********** ***/stateOrProvinceName=London/
|_Not valid after:  2295-08-23T23:10:05
...

Answer

In*********** ***


Question

What is the FQDN that the IMAP and POP3 servers are assigned to?

📋 Walkthrough

From the previous output

Answer

***.inlanefreight.htb


Question

Enumerate the IMAP service and submit the flag as the answer. (Format: HTB{...})

📋 Walkthrough

Let's run this command:

openssl s_client -connect 10.129.205.130:pop3s

Answer

HTB{******************************}


Question

What is the customized version of the POP3 server?

📋 Walkthrough

Let's run this command:

openssl s_client -connect 10.129.205.130:pop3s

Answer

InFreight POP3 v*.***


Question

What is the admin email address?

📋 Walkthrough

Let's login using robin:robin as provided. I use Evolution tool

Answer

********@inlanefreight.htb>


Question

Try to access the emails on the IMAP server and submit the flag as the answer. (Format: HTB{...})

📋 Walkthrough

From previous answer, we can get the email

Answer

HTB{**************************}