The Pentesting Guide
TwitterBlog
  • The Pentesting Guide
  • ℹ️0 - Pre-Engagement
  • 🔍1 - Information Gathering
  • Passive (OSINT)
  • Active
    • 🕵️HUMINT
    • WIFI
    • IP & Port Scanning
    • Services
      • 21 - FTP
      • 22 - SSH
      • 25 - SMTP
      • 53 - DNS
      • 80,443 - WEB
      • 88 - Kerberos
      • 110 - POP3
      • 111 - rpcbind
      • 161 - SNMP
      • 389 - LDAP
      • 139,445 - SMB
      • Active Directory
  • 💣2 - Exploitation
  • Brute Forcing
  • WEB
    • Apache Tomcat
    • Authentication
    • Broken Access Control
    • Cache poisoning
    • Clickjacking
    • CORS
    • CSRF
    • File Inclusion
    • Host Header Injection
    • HTTP Request Smuggling
    • Information disclosure
    • JWT
    • OS command injection
    • PHP deserialisation
    • SQLi
    • SSRF
    • SSTI
    • Shellshock
    • Unrestricted File Upload
    • XSS
    • XXE
  • Web (OWASP Test cases)
    • 4.1 Information Gathering
    • 4.2 Configuration and Deployment Management Testing
    • 4.3 Identity Management Testing
    • 4.4 Authentication Testing
    • 4.5 Authorization Testing
    • 4.6 Session Management Testing
    • 4.7 Input Validation Testing
    • 4.8 Testing for Error Handling
    • 4.9 Testing for Weak Cryptography
    • 4.10 Business Logic Testing
    • 4.11 Client-side Testing
    • 4.12 API Testing
  • WIFI
  • HUMINT
    • 🎣Gophish (Phishing)
    • Malicious Phishing Files
    • Phishing Evaluation
  • BoF - Windows(x86)
  • Active Directory
    • Kerberos
    • GPOs
    • Certificates
    • LAPS
    • Domain Trusts
  • 👿3 - Post Exploitation
  • File transfer
  • Shells
  • Situational Awareness
    • Containers and VMs
    • Linux
    • Windows
      • Dumping Credentials
      • Countermeasure Evasion
    • Active Directory
      • BloodHound & SharpHound
  • General
    • Linux
    • Windows
  • Local Privilege Escalation
    • Linux
    • Windows
  • Persistance
    • Windows
  • Cracking
  • Pivoting
    • Tunnelling & Port Forwarding
  • Lateral Movement
  • WIFI
  • 📓4 - Report
  • 🧹5 - House cleaning
Powered by GitBook
On this page
  • Introduction
  • Enumeration
  • Commands
  • Login
  • Listing emails
  • Read an email
  • Delete an email
  1. Active
  2. Services

110 - POP3

Introduction

Port: 110 (TCP)

The Post Office Protocol (POP) is an Internet standard protocol for transferring messages from an e-mail server to an e-mail client.

Enumeration

With the Nmap scripts, you can retrieve information about the server.

  • To include information about: NetBios, DNS and OS build version.

nmap -n -p 110,995 --script=pop3-ntlm-info <TARGET>
  • To show which commands the server supports.

nmap -n -p 110,995 --script=pop3-capabilities <TARGET>

Also, you can use the Metasploit module auxiliary/scanner/pop3/pop3_version in order to obtain the pop3 version.

Commands

In this subsection, you will find some useful commands in order to interact with the POP3 service through CLI.

Login

You can interact with a POP3 services following these steps.

[telnet <IP> <PORT>] | [nc -nC <IP> <PORT>]
ehlo example.com #Some servers also accept helo in place of ehlo.
USER <USERNAME>
PASS <PASSWORD>

Listing emails

> list
1 897
2 5136

Read an email

retr 2 

Delete an email

dele 2

Last updated 2 years ago