POP3


Post Office Protocol version 3 (POP3) is a mail retrieval protocol: the client opens the mailbox, checks whether there are (new) emails and, if so, downloads them and removes them from the mailbox.

🐊️ Port: 110 (TCP)

🔥 POP3 communications are not encrypted.

🔒 There is a secure version called POP3S (port 995, over SSL/TLS).

It's possible to configure POP3 so that emails aren't removed, but due to how it works, mails will remain marked as "new", and the client will lose track of whether a mail was read or not.

$ telnet IP 110
USER xxx
PASS xxx
STAT # check whether there are mails
LIST # list new messages
RETR 1 # retrieve the first message
$ curl -k 'pop3s://IP' --user username:password
$ curl -k 'pop3s://IP' [...] -X 'RETR 1'
$ openssl s_client -connect IP:pop3s

Pentester Notes ☠️

Foothold


$ msfconsole -q
msf6> use auxiliary/scanner/pop3/pop3_login
msf6> set USER_FILE /path/to/users.lst
msf6> set PASS_FILE /path/to/pass.lst
msf6> setg RHOSTS IP
msf6> run
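  • You can try to use USER to check whether an account exists: some servers answer -ERR for an unknown user and +OK for a valid one: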
$ telnet IP 110
USER xxx
-ERR
USER yyy
+OK
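
When hardening a server, this difference in USER replies is the thing to test for: RFC 1939 allows a server to answer +OK to USER even when no such mailbox exists, so a failed login is only reported after PASS. The added example below (not from the original notes) audits a recorded session for that leak; the "C:"/"S:" prefixes, the function names and both transcripts are constructed for the example.

```python
# Added example: audit a POP3 transcript for username disclosure at the USER step.
# Assumption: lines are prefixed "C:" (client) or "S:" (server); sample data is constructed.

def user_replies(transcript):
    """Return {username: '+OK' | '-ERR'} for every USER command in the transcript."""
    replies, pending = {}, None
    for line in transcript.strip().splitlines():
        side, _, text = line.strip().partition(" ")
        if side == "C:":
            parts = text.split(None, 1)
            # Only USER matters here; any other command clears the pending name.
            if len(parts) == 2 and parts[0].upper() == "USER":
                pending = parts[1].strip()
            else:
                pending = None
        elif side == "S:" and pending is not None:
            status = text.split(None, 1)[0] if text else ""
            if status in ("+OK", "-ERR"):
                replies[pending] = status
            pending = None
    return replies

def leaks_user_validity(transcript):
    """True when USER replies differ between names, i.e. the server reveals valid accounts."""
    return len(set(user_replies(transcript).values())) > 1

# Constructed transcript: the behaviour shown in the notes above.
LEAKY = """
S: +OK POP3 server ready
C: USER xxx
S: -ERR no such user
C: USER yyy
S: +OK
"""

# Constructed transcript: every USER is accepted, failure is only reported after PASS.
UNIFORM = """
S: +OK POP3 server ready
C: USER xxx
S: +OK
C: PASS wrong
S: -ERR authentication failed
C: USER yyy
S: +OK
"""

if __name__ == "__main__":
    for name, t in (("leaky", LEAKY), ("uniform", UNIFORM)):
        print(name, user_replies(t), "leaks:", leaks_user_validity(t))
```
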

👻 To-do 👻

Stuff that I found, but haven't read/used yet.

  • dovecot-pop3d
  • sudo nmap IP -p110,995 -sV -sC