POP3
Post Office Protocol version 3 is a protocol that opens the box, checks if there are (new) emails, and if any, downloads and removes them from the box.
Port: 110 (TCP)
POP3 communications are not encrypted.
There is a secure version called POP3S (port 995, over SSL/TLS).
It's possible to configure POP3 so that emails aren't removed, but due to how it works, mails will remain marked as "new", and the client will lose track of whether a mail was read or not.
$ telnet IP 110
USER xxx
PASS xxx
STAT # check if there are mails
LIST # list new messages
RETR 1 # retrieve the first message
$ curl -k 'pop3s://IP' --user username:password
$ curl -k 'pop3s://IP' [...] -X 'RETR 1'
$ openssl s_client -connect IP:pop3s
Pentester Notes
Foothold
- You may try to use brute force:
$ msfconsole -q
msf6> use auxiliary/scanner/pop3/pop3_login
msf6> set USER_FILE /path/to/users.lst
msf6> set PASS_FILE /path/to/pass.lst
msf6> setg RHOSTS IP
msf6> run
- You can try to use USER:
$ telnet IP 110
USER xxx
-ERR
USER yyy
+OK
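
A mitigation for the USER replies shown above, as an added example that is not part of the original notes: a simplified POP3 authentication handler in Python that accepts every USER and lets only PASS fail, next to the leaky behaviour from the transcript. The class names, `user_replies` and the `ACCOUNTS` sample data are hypothetical; RFC 1939 allows a server to answer USER positively even when no such mailbox exists.

```python
import hmac

# Constructed sample mailbox store; a real server would hold password hashes.
ACCOUNTS = {"yyy": "correct horse"}


class LeakyAuth:
    """USER answers -ERR for unknown names, like the transcript above."""

    def __init__(self, accounts):
        self.accounts, self.user = accounts, None

    def on_user(self, name):
        if name not in self.accounts:
            return "-ERR"  # reply differs per name: the mailbox list leaks
        self.user = name
        return "+OK"

    def on_pass(self, password):
        user, self.user = self.user, None  # one PASS attempt per USER
        expected = self.accounts.get(user or "", "")
        # Compare even when the user is unknown so both paths do the same work.
        match = hmac.compare_digest(expected.encode(), password.encode())
        return "+OK" if match and user in self.accounts else "-ERR"

    def handle(self, line):
        cmd, _, arg = line.strip().partition(" ")
        handler = {"USER": self.on_user, "PASS": self.on_pass}.get(cmd.upper())
        return handler(arg) if handler else "-ERR"


class UniformAuth(LeakyAuth):
    """USER is always accepted; the only visible failure is at PASS."""

    def on_user(self, name):
        self.user = name
        return "+OK"


def user_replies(auth_cls, names):
    """Reply to USER for each name, using a fresh session per name."""
    return {n: auth_cls(ACCOUNTS).handle(f"USER {n}") for n in names}


if __name__ == "__main__":
    print("leaky:  ", user_replies(LeakyAuth, ["xxx", "yyy"]))
    print("uniform:", user_replies(UniformAuth, ["xxx", "yyy"]))
```

Uniform replies remove the username oracle only; failed PASS attempts still need rate limiting or lockout on the server side.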
To-do
Stuff that I found, but never read/used yet.
- dovecot-pop3d
- sudo nmap IP -p110,995 -sV -sC