Day 047 #FromZeroToHacker – Protocols and Servers

HTTP, FTP, POP3… How does each one work? What do they do? How can they talk to us? Let’s have a close look at protocols and servers.

Let’s scan what we can learn today in our daily #FromZeroToHacker challenge.

Table of contents
Introduction
What have I learnt today?
Stats
Resources

Introduction to Protocols and Servers

HTTP, FTP, POP3… How does each one work? What do they do? How can they talk to us? Let’s have a close look at protocols and servers, and at how we can use a simple Telnet client to fully understand what happens under the hood.

This is the seventh lesson of the Network Security module:

  1. Passive Reconnaissance
  2. Active Reconnaissance
  3. Nmap Live Host Discovery
  4. Nmap Basic Port Scans
  5. Nmap Advanced Port Scans
  6. Nmap Post Port Scans
  7. Protocols and Servers
  8. Protocols and Servers 2
  9. Network Security Challenge

What have I learnt today?

Telnet

The Telnet protocol (port 23) is an application layer protocol that connects to a virtual terminal of another computer. With Telnet, a user can log into another computer and use the terminal, run programs, start processes, perform system administration tasks, etc.

The Telnet protocol is simple: A user connects and they’ll be asked for a username and a password. If authenticated, the user has access to the remote system’s terminal.

Sadly, this communication is not encrypted, making it an easy target for attackers.

We can connect to a Telnet server with the command telnet <TARGET_IP>:

Telnet protocol

Telnet is not considered a secure option, as it sends all the information in clear text, even the session info:

Telnet cleartext

Hypertext Transfer Protocol (HTTP)

HyperText Transfer Protocol, or HTTP, is the protocol used for web pages. Our web browser connects to the webserver and uses HTTP to request HTML pages, images, and other files:

HTTP steps

As this protocol is very simple, we can use the telnet client to emulate it:

  • We connect to port 80 with telnet <TARGET_IP> 80.
  • Once connected, we type GET /index.html HTTP/1.1 to retrieve the page index.html.
  • Finally, we provide some value for the host, like host: telnet, then hit Enter twice.

HTTP protocol
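
The three Telnet steps above, replayed as an added example (not part of the original post). It assumes a constructed in-process stand-in for the web server, reached over socket.socketpair() instead of <TARGET_IP> port 80; the function names are made up for this sketch. It shows why we hit Enter twice (the empty line ends the request) and why the host line matters (HTTP/1.1 requires it):

```python
import socket

def read_request_head(sock):
    """Server side: keep reading until the empty line (CRLF CRLF) that ends the request head."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(1024)
        if not chunk:
            break
        buf += chunk
    return buf.decode("ascii")

def toy_server_reply(head):
    """Constructed stand-in for a web server; it only knows /index.html."""
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    if version == "HTTP/1.1" and "host" not in headers:
        status, body = "400 Bad Request", b"Host header required\n"  # HTTP/1.1 rule
    elif method == "GET" and path == "/index.html":
        status, body = "200 OK", b"<html>constructed page</html>\n"
    else:
        status, body = "404 Not Found", b"not found\n"
    head_out = f"HTTP/1.1 {status}\r\nContent-Length: {len(body)}\r\nConnection: close\r\n\r\n"
    return head_out.encode("ascii") + body

def telnet_style_get(path, host=None):
    """Send what the Telnet steps type, line by line, and return (status code, body)."""
    typed = [f"GET {path} HTTP/1.1"]
    if host is not None:
        typed.append(f"host: {host}")
    typed.append("")  # the second Enter: an empty line ends the request
    client, server = socket.socketpair()  # in-process pipe instead of <TARGET_IP>:80
    try:
        client.sendall("".join(line + "\r\n" for line in typed).encode("ascii"))
        server.sendall(toy_server_reply(read_request_head(server)))
        server.close()  # Connection: close, so the client reads until EOF
        raw = b""
        while chunk := client.recv(1024):
            raw += chunk
    finally:
        client.close()
        server.close()
    head, _, body = raw.partition(b"\r\n\r\n")
    return int(head.split(b" ")[1]), body
```

Calling telnet_style_get("/index.html", "telnet") returns the page, while leaving out the host gets a 400 from the stand-in server.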

File Transfer Protocol (FTP)

File Transfer Protocol (FTP) was developed to transfer files between different computers.

As FTP also uses cleartext, we can use Telnet (or Netcat) to communicate with an FTP server, acting as an FTP client:

  • Connect to an FTP server with a telnet client using port 21 with telnet <TARGET_IP> 21.
  • Provide a user with USER <USERNAME> and a password with PASS <PASSWORD>.
  • If both are correct, you will get logged in.

We have two modes for FTP:

  • Active: Data is sent over a separate channel using the FTP server’s port 20.
  • Passive: Data is sent over a separate channel using the FTP client’s port above 1023.

We have some commands specific to FTP: STAT provides more information, SYST shows the SYStem Type of the target, and PASV switches the mode to passive. Also, TYPE A switches the file transfer mode to ASCII, while TYPE I switches it to binary.

FTP protocol

Here is how an actual file transfer works under FTP:

FTP file transfer steps

This is too abstract, so let’s see how we can download a file over FTP:

FTP Protocol

Besides the terminal, we can use FTP clients with a GUI, such as FileZilla. Some web browsers even support the FTP protocol.

Simple Mail Transfer Protocol (SMTP)

Email delivery over the Internet requires the following components:

  • Mail Submission Agent (MSA).
  • Mail Transfer Agent (MTA).
  • Mail Delivery Agent (MDA).
  • Mail User Agent (MUA).

SMTP protocol

As you can see, mail transfers have to go through five steps:

  1. A Mail User Agent (MUA) or email client has an email message to be sent. The MUA connects to a Mail Submission Agent (MSA) to send its message.
  2. The MSA receives the message, checks for errors and transfers it to the Mail Transfer Agent (MTA) server.
  3. The MTA will send the email message to the MTA of the recipient.
  4. A typical setup would have the MTA server also working as a Mail Delivery Agent (MDA).
  5. The recipient will receive its email from the MDA using their email client.

Just as we need to follow a protocol to communicate with an HTTP server, we need email protocols to talk with an MTA and an MDA. The protocols are:

  • Simple Mail Transfer Protocol, or SMTP
  • Post Office Protocol version 3, or POP3, and IMAP.

With that being said, we will explain SMTP in this task, and POP3 and IMAP in the next ones.

Simple Mail Transfer Protocol (SMTP) is used to communicate with an MTA server. Again, this communication uses cleartext, so we can use a basic Telnet client to connect to an SMTP server.

SMTP servers listen on port 25 by default:

SMTP protocol

Post Office Protocol 3 (POP3)

Expanding on the last point, Post Office Protocol 3 (POP3) is a protocol used to download email messages from a Mail Delivery Agent (MDA):

POP3 protocol

The POP3 server authenticates and downloads the new email messages.

In short: the user connects to a POP3 server on port 110. After authenticating, the client sends the command STAT and gets a reply of the form +OK nn mm, where nn is the number of email messages and mm is the size of the inbox in octets. The command LIST provides a list of new messages and RETR 1 retrieves the first message in the list.

POP3 protocol

Internet Message Access Protocol (IMAP)

More sophisticated than POP3, IMAP makes it possible to keep our email synchronised across multiple devices (and mail clients). If we mark an email message as read on our phone, the change will be saved on the IMAP server and synchronised with our laptop.

Again, we can connect to IMAP using Telnet with the default port 143. And again, it uses cleartext.

As IMAP tracks every reply, we have to put a string before each command, like c1, c2, etc.:

IMAP protocol
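
Since FTP, POP3 and IMAP all log in over cleartext, a defender can audit captured traffic for logins that crossed the wire unencrypted. The following is an added example, not part of the original post: the capture format, the sample lines and the function name are constructed for illustration, and it relies on the standard USER/PASS commands for POP3 and the tagged LOGIN command for IMAP, which the page does not show.

```python
PLAINTEXT_PORTS = {21: "FTP", 110: "POP3", 143: "IMAP"}

def find_cleartext_logins(capture):
    """Return (connection, protocol, user) for every login sent unencrypted.

    capture: (connection id, destination port, client line) tuples.
    Passwords are never returned; seeing one on the wire is the finding.
    """
    findings, pending_user = [], {}
    for conn, port, line in capture:
        proto = PLAINTEXT_PORTS.get(port)
        tokens = line.strip().split()
        if proto is None or not tokens:
            continue
        if proto == "IMAP":
            # tokens[0] is the client-chosen tag (c1, c2, ...)
            if len(tokens) >= 4 and tokens[1].upper() == "LOGIN":
                findings.append((conn, proto, tokens[2].strip('"')))
        elif tokens[0].upper() == "USER" and len(tokens) >= 2:
            pending_user[conn] = tokens[1]  # remember until PASS arrives
        elif tokens[0].upper() == "PASS" and len(tokens) >= 2:
            findings.append((conn, proto, pending_user.pop(conn, "<unknown>")))
    return findings

# Constructed client-to-server lines, as they would appear in a packet capture.
SAMPLE_CAPTURE = [
    (1, 21, "USER alice"),
    (1, 21, "PASS constructed-ftp-secret"),
    (1, 21, "SYST"),
    (2, 110, "USER alice"),
    (2, 110, "PASS constructed-pop-secret"),
    (2, 110, "STAT"),
    (3, 143, "c1 LOGIN alice constructed-imap-secret"),
    (3, 143, 'c2 LIST "" "*"'),
    (4, 443, "opaque TLS record bytes"),  # encrypted port: nothing to parse
]

if __name__ == "__main__":
    for conn, proto, user in find_cleartext_logins(SAMPLE_CAPTURE):
        print(f"connection {conn}: {proto} login for {user!r} sent in cleartext")
```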

Summary

We have covered various protocols, their usage and how they work. Here is the list:

Protocol and servers summary

Stats

From 93.124th to 92.128th. Now in the top 4%!

Here is also the Skill Matrix:

Skills Matrix

Resources

Module: Network Security

TryHackMe: Protocols and Servers