POP (Post Office Protocol) #
At a Glance #
- POP3: 110
- POP3S (POP3 over TLS or SSL): 995
POP, or POP3 (POP version 3), is an application-layer protocol used by email clients to retrieve messages from a mail server. It provides access via IP to mailboxes maintained on a server.
Because POP was designed for temporary Internet connections, clients connect, retrieve messages, store them on the client, and finally delete them from the server. Clients also have the option to leave messages on the server. By contrast, IMAP was designed to normally leave all messages on the server, allowing access from multiple client applications in both online and offline modes. [1]
Banner Grabbing #
telnet 10.0.0.3 110
nc -n 10.0.0.3 110
openssl s_client -crlf -connect 10.0.0.3:995
s_client: SSL/TLS client program.
-crlf: translate a line feed from the terminal into
NTLM Information Disclosure #
pop3-ntlm-info NSE Script #
nmap -p 110,995 --script pop3-ntlm-info 10.0.0.3
POP3 capabilities are defined in RFC 2449. The CAPA command allows a client to ask a server what commands it supports and possibly any site-specific policy.
pop3-capabilities NSE Script #
nmap -p 110,995 --script pop3-capabilities 10.0.0.3
- USER: Username or mailbox.
- PASS: Server/mailbox-specific password.
- STAT: Number of messages in the mailbox.
- LIST [ message# ]: Messages summary.
- RETR [ message# ]: Retrieve selected message.
- DELE [ message# ]: Delete selected message.
- RSET: Reset the session. Undelete deleted messages.
- NOOP: No-op. Keeps connection open.
- QUIT: End session.
Server responses will start either with a successful (+OK) or failed status
POP3 Exploits Search #
Refer to Exploits Search
1. Contributors to Wikimedia projects. “Post Office Protocol - Wikipedia.” Wikipedia, the Free Encyclopedia, Wikimedia Foundation, Inc., 9 Sept. 2001, https://en.wikipedia.org/wiki/Post_Office_Protocol.
2. OpenSSL Foundation, Inc. “/Docs/Manmaster/Man1/Openssl.Html.” OpenSSL.Org, https://www.openssl.org/docs/manmaster/man1/openssl.html.