# 110,995 - Pentesting POP
## Basic Information

**Post Office Protocol (POP)** is a protocol within the domain of computer networking and the Internet, used for the extraction and **retrieval of email from a remote mail server**, making it accessible on the local device. Positioned in the application layer of the OSI model, this protocol enables users to fetch and receive email. **POP clients** typically establish a connection to the mail server, download all messages, store them locally on the client system, and then remove them from the server. Although there are three iterations of this protocol, **POP3** stands out as the most commonly used version.

**Default ports:** 110, 995 (ssl)

```
PORT    STATE SERVICE
110/tcp open  pop3
```

### Banner Grabbing

Banner grabbing is a technique used to obtain information about a POP service by examining the banner the service returns. It is done by making a simple TCP connection to the POP service and reading the banner that comes back. The banner often contains useful information such as the service version and the software in use.

To grab the banner, you can use a tool such as `telnet` to make a TCP connection to the POP service and read the banner it returns.
For example:

```plaintext
telnet <IP> 110
```

After connecting, you will see the banner returned by the POP service. This banner can provide useful information that you can use to carry out further attacks or to identify the POP service.

```bash
nc -nv <IP> 110
openssl s_client -connect <IP>:995 -crlf -quiet
```

## Manual

You can use the `CAPA` command to obtain the capabilities of the POP3 server.

## Automated

```bash
nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -p <PORT> <IP> # All are default scripts
```

The `pop3-ntlm-info` plugin will return some "**sensitive**" data (Windows versions).

### [POP3 bruteforce](../generic-methodologies-and-resources/brute-force.md#pop)

## POP syntax

POP command examples from [here](http://sunnyoasis.com/services/emailviatelnet.html)

```bash
POP commands:
  USER uid           Log in as "uid"
  PASS password      Substitute "password" for your actual password
  STAT               List number of messages, total mailbox size
  LIST               List messages and sizes
  RETR n             Show message n
  DELE n             Mark message n for deletion
  RSET               Undo any changes
  QUIT               Logout (expunges messages if no RSET)
  TOP msg n          Show first n lines of message number msg
  CAPA               Get capabilities
```

### POP (Post Office Protocol)

POP (Post Office Protocol) is a protocol used by email clients to retrieve email messages from a mail server. It is one of the most common protocols used for email retrieval.

#### POP3

POP3 (Post Office Protocol version 3) is the most widely used version of POP. It operates on port 110 and uses a simple text-based protocol.

##### Enumeration

To enumerate users on a POP3 server, you can use the `USER` command followed by a username. If the server responds with an error message, it means that the user does not exist. If the server responds with a positive message, it means that the user exists.

```
USER <username>
```

##### Brute-Force Attack

To perform a brute-force attack on a POP3 server, you can use a tool like Hydra. Hydra is a powerful tool that can perform dictionary and brute-force attacks against various protocols, including POP3.

```
hydra -L <users_file> -P <passwords_file> -s <PORT> -f <IP> pop3
```

##### Password Spraying

Password spraying is a technique used to bypass account lockouts by attempting a small number of commonly used passwords against multiple user accounts. This technique can be effective against POP3 servers that do not have account lockout policies in place.

##### Exploiting Vulnerabilities

There are several vulnerabilities that can be exploited in POP3 servers, such as buffer overflows, command injection, and format string vulnerabilities. Exploiting these vulnerabilities can allow an attacker to gain unauthorized access to the server or execute arbitrary code.

#### POP3S

POP3S (Secure POP3) is a secure version of POP3 that uses SSL/TLS encryption to secure the communication between the email client and the mail server. It operates on port 995.

##### Enumeration

The enumeration techniques for POP3S are the same as for POP3. However, since POP3S uses SSL/TLS encryption, you will need to use a tool like `openssl` to establish a secure connection to the server.

```
openssl s_client -connect <IP>:<PORT>
```

##### Brute-Force Attack

The brute-force attack techniques for POP3S are the same as for POP3. However, since POP3S uses SSL/TLS encryption, you will need to use a tool like `openssl` to establish a secure connection to the server.

##### Password Spraying

The password spraying techniques for POP3S are the same as for POP3. However, since POP3S uses SSL/TLS encryption, you will need to use a tool like `openssl` to establish a secure connection to the server.

##### Exploiting Vulnerabilities

The vulnerability exploitation techniques for POP3S are the same as for POP3. However, since POP3S uses SSL/TLS encryption, you will need to use a tool like `openssl` to establish a secure connection to the server.
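A defender's view of the brute-force and password-spraying patterns described above, as an added example that is not part of the original page: it classifies failed POP3 logins per source IP. The log lines are constructed and modelled on Dovecot's `pop3-login` failure format, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Failed-login line, modelled on Dovecot's pop3-login log format (assumption).
FAIL_RE = re.compile(
    r"pop3-login: .*auth failed, (\d+) attempts.*?user=<([^>]*)>.*?rip=([0-9a-fA-F.:]+)"
)

def _line(user, rip, attempts=1):
    """Build one constructed log line for the sample below."""
    return (f"Mar 01 10:00:00 mail dovecot: pop3-login: Aborted login "
            f"(auth failed, {attempts} attempts in 2 secs): user=<{user}>, "
            f"method=PLAIN, rip={rip}, lip=192.0.2.10")

# Constructed sample: one noisy source, one wide source, one user typo.
SAMPLE_LOG = "\n".join(
    [_line("alice", "203.0.113.7") for _ in range(6)]
    + [_line(u, "198.51.100.23") for u in ("alice", "bob", "carol", "dave", "erin")]
    + [_line("bob", "192.0.2.50")]
)

def classify(log_text, brute_min=5, spray_min_users=4):
    """Map source IP -> 'brute-force' or 'password-spraying' (thresholds are assumptions)."""
    per_ip = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            per_ip[m.group(3)][m.group(2)] += int(m.group(1))
    findings = {}
    for rip, users in per_ip.items():
        if len(users) >= spray_min_users:
            # Few failures each, spread over many accounts: stays under per-account lockout.
            findings[rip] = "password-spraying"
        elif max(users.values()) >= brute_min:
            # Many failures concentrated on one account.
            findings[rip] = "brute-force"
    return findings

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG).items():
        print(ip, verdict)
```

Per-account lockout only catches the first pattern, so counting distinct usernames per source is what surfaces spraying.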
```
root@kali:~# telnet $ip 110
 +OK beta POP3 server (JAMES POP3 Server 2.3.2) ready
 USER billydean
 +OK
 PASS password
 +OK Welcome billydean

 list

 +OK 2 1807
 1 786
 2 1021

 retr 1

 +OK Message follows
 From: jamesbrown@motown.com
 Dear Billy Dean,

 Here is your login for remote desktop ... try not to forget it this time!
 username: billydean
 password: PA$$W0RD!Z
```

## Dangerous Settings

From [https://academy.hackthebox.com/module/112/section/1073](https://academy.hackthebox.com/module/112/section/1073)

| **Setting**               | **Description**                                                                               |
| ------------------------- | --------------------------------------------------------------------------------------------- |
| `auth_debug`              | Enables all authentication debug logging.                                                     |
| `auth_debug_passwords`    | This setting adjusts log verbosity; the submitted passwords and the scheme are logged.        |
| `auth_verbose`            | Logs unsuccessful authentication attempts and their reasons.                                  |
| `auth_verbose_passwords`  | Passwords used for authentication are logged and can also be truncated.                       |
| `auth_anonymous_username` | Specifies the username to be used when logging in with the ANONYMOUS SASL mechanism.          |

## HackTricks Automatic Commands

```
Protocol_Name: POP    #Protocol Abbreviation if there is one.
Port_Number:  110     #Comma separated if there is more than one.
Protocol_Description: Post Office Protocol         #Protocol Abbreviation Spelled out

Entry_1:
  Name: Notes
  Description: Notes for POP
  Note: |
    Post Office Protocol (POP) is described as a protocol within the realm of computer networking and the Internet, which is utilized for the extraction and retrieval of email from a remote mail server, making it accessible on the local device. Positioned within the application layer of the OSI model, this protocol enables users to fetch and receive email. The operation of POP clients typically involves establishing a connection to the mail server, downloading all messages, storing these messages locally on the client system, and subsequently removing them from the server. Although there are three iterations of this protocol, POP3 stands out as the most prevalently employed version.

    https://book.hacktricks.xyz/network-services-pentesting/pentesting-pop

Entry_2:
  Name: Banner Grab
  Description: Banner Grab 110
  Command: nc -nv {IP} 110

Entry_3:
  Name: Banner Grab 995
  Description: Grab Banner Secure
  Command: openssl s_client -connect {IP}:995 -crlf -quiet

Entry_4:
  Name: Nmap
  Description: Scan for POP info
  Command: nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -p 110 {IP}

Entry_5:
  Name: Hydra Brute Force
  Description: Need User
  Command: hydra -l {Username} -P {Big_Passwordlist} -f {IP} pop3 -V

Entry_6:
  Name: consolesless mfs enumeration
  Description: POP3 enumeration without the need to run msfconsole
  Note: sourced from https://github.com/carlospolop/legion
  Command: msfconsole -q -x 'use auxiliary/scanner/pop3/pop3_version; set RHOSTS {IP}; set RPORT 110; run; exit'
```
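The settings in the Dangerous Settings table are Dovecot authentication settings. The following added example (not code from the original page or from Dovecot) audits a configuration for them; the sample configuration is constructed, the severity ranking is this example's assumption, and the `auth_mechanisms` check is added because `auth_anonymous_username` only matters when the ANONYMOUS mechanism is enabled.

```python
# Settings from the table; the severity ranking is this example's assumption.
RISKY = {
    "auth_debug_passwords": "high",
    "auth_verbose_passwords": "high",
    "auth_debug": "medium",
    "auth_verbose": "low",
}
ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed sample in Dovecot's `key = value` configuration form.
SAMPLE_CONF = """\
# constructed example configuration
protocols = pop3 imap
auth_mechanisms = plain login anonymous
auth_anonymous_username = guest
auth_debug = yes
auth_debug_passwords = yes   # left on after troubleshooting
auth_verbose = no
auth_verbose_passwords = sha1
"""

def parse_settings(text):
    """Return {key: value} for `key = value` lines, dropping `#` comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value
    return settings

def audit(text):
    """Return (severity, setting, detail) findings, most severe first."""
    cfg = parse_settings(text)
    findings = []
    for key, severity in RISKY.items():
        value = cfg.get(key, "no").lower()  # an unset setting is treated as "no"
        if value != "no":
            findings.append((severity, key, value))
    if "anonymous" in cfg.get("auth_mechanisms", "").lower().split():
        user = cfg.get("auth_anonymous_username", "anonymous")
        findings.append(("medium", "auth_mechanisms", "anonymous login as " + user))
    return sorted(findings, key=lambda f: (ORDER[f[0]], f[1]))

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(*finding)
```

Any value other than `no` for the two `*_passwords` settings puts credential material into the mail log, so the log files inherit the sensitivity of the password store.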