# 143, 993 - IMAP

## <mark style="color:red;">Banner Grabbing</mark> <a href="#banner-grabbing" id="banner-grabbing"></a>

**Telnet**

```sh
telnet 10.0.0.3 143
```

**Netcat**

```sh
nc -n 10.0.0.3 143
```

**openssl**

```sh
openssl s_client -connect 10.0.0.3:993
```

<details>

<summary>Parameters</summary>

* `s_client`: SSL/TLS client program.

</details>

## <mark style="color:red;">NTLM Information Disclosure</mark> <a href="#ntlm-information-disclosure" id="ntlm-information-disclosure"></a>

**Manually**

```sh
telnet example.com 143
...
>> a1 AUTHENTICATE NTLM
+
>> TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
+ TlRMTVNTUAACAAAACgAKADgAAAAFgooCBqqVKFrKPCMAAAAAAAAAAEgASABCAAAABgOAJQAAAA9JAEkAUwAwADEAAgAKAEkASQBTADAAMQABAAoASQBJAFMAMAAxAAQACgBJAEkAUwAwADEAAwAKAEkASQBTADAAMQAHAAgAHwMI0VPy1QEAAAAA
```

[**imap-ntlm-info**](https://nmap.org/nsedoc/scripts/imap-ntlm-info.html) **NSE Script**

```sh
nmap -p 143,993 --script imap-ntlm-info 10.0.0.3
```