Brute forcing IMAP passwords

E-mail accounts store very sensitive information and penetration testers auditing a mail server must detect weak passwords that could compromise e-mail accounts and the information accessible through them.

In this recipe we will brute force IMAP passwords by using Nmap.

How to do it...

To perform brute force password auditing against IMAP, use the following command:

$ nmap -p143 --script imap-brute <target>

All of the valid accounts found will be listed under the script output section:

PORT    STATE SERVICE REASON
143/tcp open  imap    syn-ack
| imap-brute: 
|   Accounts
|     acc1:test - Valid credentials
|     webmaster:webmaster - Valid credentials
|   Statistics
|_    Performed 112 guesses in 112 seconds, average tps: 1

How it works... ...

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.