POP3 (110)

METHODOLOGY

• Connect with netcat or telnet to the POP server. What software and version is it? Searchsploit and google it.
• This service has default credentials or common credentials like admin : admin?
• If we find some users (with finger, smtp, or whatever service), we can try to brute force it. Be careful, machine could block you.

MORE RESOURCES

• https://book.hacktricks.xyz/pentesting/pentesting-pop
• https://liodeus.github.io/2020/09/18/OSCP-personal-cheatsheet.html#pop3---110
• https://github.com/0bfxgh0st/MMG-LO/

nmap check

nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -p 110 $IP

POP is a mail protocol used to get email messages from a remote computer (POP server).
Connect to the server, check information like version.

nc -nv <IP> 110

telnet <IP> 110

Read mail (creds if needed). Or use the evolution client.

telnet <IP> 110
  USER <USER>
  PASS <PASSWORD>
  LIST
  RETR <MAIL_NUMBER>
  QUIT

Brute force

hydra -l <USER> -P <PASSWORDS_LIST> -f <IP> pop3 -V

hydra -S -v -l <USER> -P <PASSWORDS_LIST> -s 995 -f <IP> pop3 -V