| description |
|---|
Post Office Protocol (POP) is a networking and IP protocol that extracts and retrieves email from remote email servers for a client machine to access. |
nc -nv <IP> 110
openssl s_client -connect <IP>:995 -crlf -quietnmap --script "pop3-capabilities or pop3-ntlm-info" -sV -port <PORT> <IP> #All are default scriptsPOP commands:
USER uid Log in as "uid"
PASS password Substitue "password" for your actual password
STAT List number of messages, total mailbox size
LIST List messages and sizes
RETR n Show message n
DELE n Mark message n for deletion
RSET Undo any changes
QUIT Logout (expunges messages if no RSET)
TOP msg n Show first n lines of message number msg
CAPA Get capabilitiesroot@kali:~# telnet $ip 110
+OK beta POP3 server (JAMES POP3 Server 2.3.2) ready
USER billydean
+OK
PASS password
+OK Welcome billydean
list
+OK 2 1807
1 786
2 1021
retr 1
+OK Message follows
From: jamesbrown@motown.com
Dear Billy Dean,
Here is your login for remote desktop ... try not to forget it this time!
username: billydean
password: PA$$W0RD!Z- We can see that we are able to obtain clear-text credentials from this email via enumeration of POP.