# 110,995 - Pentesting POP
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? Or do you want access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
- Discover The PEASS Family, our collection of exclusive NFTs
- Get the official PEASS & HackTricks swag
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
- Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.
Find the vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, and finds issues across your whole tech stack, from APIs to web apps and cloud systems. Try it for free today.
{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %}
## Basic Information

Post Office Protocol (POP) is described as a protocol within the realm of computer networking and the Internet, which is utilized for the extraction and retrieval of email from a remote mail server, making it accessible on the local device. Positioned within the application layer of the OSI model, this protocol enables users to fetch and receive email. The operation of POP clients typically involves establishing a connection to the mail server, downloading all messages, storing these messages locally on the client system, and subsequently removing them from the server. Although there are three iterations of this protocol, POP3 stands out as the most prevalently employed version.

**Default ports:** 110, 995 (ssl)

```
PORT    STATE SERVICE
110/tcp open  pop3
```
## Banner Grabbing

Banner grabbing is a technique used to obtain information about a POP service by inspecting the banner the service returns. It is done by opening a plain TCP connection to the POP service and reading the greeting it sends back. The banner often contains useful information such as the service's version and the software in use.

To grab the banner you can use a tool such as `telnet` to open a TCP connection to the POP service and read what it returns. For example:

```bash
telnet <target_ip> 110
```

Once the connection is established you will see the banner returned by the POP service. This banner can provide useful information for identifying the POP service or for carrying out further attacks.

```bash
nc -nv <IP> 110
openssl s_client -connect <IP>:995 -crlf -quiet
```
### Manual

You can use the command `CAPA` to obtain the capabilities of the POP3 server.
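As an added example (not code from the original page or from any of the tools it names), the following Python parses a POP3 greeting and a multi-line `CAPA` reply, the two things the banner-grab and `CAPA` steps above return, and turns them into a short list of defender-side findings: version disclosure in the greeting or in the `IMPLEMENTATION` capability, a missing `STLS`, and cleartext password mechanisms. Both sample responses are constructed (the greeting reuses the JAMES banner shown later on this page; the capability list is invented), so the code runs offline; the version regex is a heuristic, not a standard.

```python
import re

# Constructed sample responses, not captured from a real host. The greeting
# reuses the JAMES banner shown on this page; the CAPA list is invented.
SAMPLE_BANNER = b"+OK beta POP3 server (JAMES POP3 Server 2.3.2) ready\r\n"
SAMPLE_CAPA = (
    b"+OK Capability list follows\r\n"
    b"TOP\r\n"
    b"USER\r\n"
    b"SASL PLAIN LOGIN\r\n"
    b"UIDL\r\n"
    b"IMPLEMENTATION Example-POP3d 1.0\r\n"
    b".\r\n"
)

# Heuristic: "Name 1.2.3" inside the greeting is a software/version disclosure.
VERSION_RE = re.compile(r"([A-Za-z][\w .-]*?)\s(\d+(?:\.\d+)+)")


def parse_banner(raw: bytes) -> dict:
    """Split the POP3 greeting into status and any software/version hint."""
    text = raw.decode("utf-8", "replace").rstrip("\r\n")
    m = VERSION_RE.search(text)
    return {
        "ok": text.startswith("+OK"),
        "software": m.group(1).strip() if m else None,
        "version": m.group(2) if m else None,
        "raw": text,
    }


def parse_capa(raw: bytes) -> dict:
    """Parse a multi-line CAPA reply: status line, one capability per line,
    terminated by a line holding a single '.'. A data line that itself starts
    with '.' is byte-stuffed with an extra leading '.', which we strip."""
    lines = raw.decode("utf-8", "replace").split("\r\n")
    if not lines[0].startswith("+OK"):
        return {"ok": False, "capabilities": {}}
    caps = {}
    for line in lines[1:]:
        if line == ".":
            break
        if not line:
            continue
        if line.startswith(".."):
            line = line[1:]
        name, _, args = line.partition(" ")
        caps[name.upper()] = args.split()
    return {"ok": True, "capabilities": caps}


def assess(banner: dict, capa: dict) -> list:
    """Defender-side observations drawn from the greeting and the CAPA list."""
    findings = []
    caps = capa["capabilities"]
    if banner["version"]:
        findings.append(f"greeting discloses software version: "
                        f"{banner['software']} {banner['version']}")
    if "IMPLEMENTATION" in caps:
        findings.append("CAPA IMPLEMENTATION line discloses server software: "
                        + " ".join(caps["IMPLEMENTATION"]))
    if "STLS" not in caps:
        findings.append("STLS not advertised: this port cannot upgrade to TLS, "
                        "so USER/PASS travel in the clear")
    sasl = {m.upper() for m in caps.get("SASL", [])}
    if "USER" in caps or sasl & {"PLAIN", "LOGIN"}:
        findings.append("cleartext password mechanisms offered "
                        "(USER/PASS, SASL PLAIN or LOGIN)")
    return findings


if __name__ == "__main__":
    for f in assess(parse_banner(SAMPLE_BANNER), parse_capa(SAMPLE_CAPA)):
        print("-", f)
```

Feeding the two parsers the bytes read from `nc` or `openssl s_client` instead of the constructed samples is the only change needed to use this against a real greeting; the findings list is what you would hand to whoever owns the mail server.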
### Automated

```bash
nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -p <PORT> <IP> #All are default scripts
```

The `pop3-ntlm-info` plugin will return some "sensitive" data (Windows versions).
## POP3 bruteforce
## POP syntax

POP command examples from here

```
POP commands:
USER uid           Log in as "uid"
PASS password      Substitute "password" for your actual password
STAT               List number of messages, total mailbox size
LIST               List messages and sizes
RETR n             Show message n
DELE n             Mark message n for deletion
RSET               Undo any changes
QUIT               Logout (expunges messages if no RSET)
TOP msg n          Show first n lines of message number msg
CAPA               Get capabilities
```
### POP (Post Office Protocol)

POP (Post Office Protocol) is a protocol used by email clients to retrieve email messages from a mail server. It is one of the most common protocols used for email retrieval.

### POP3

POP3 (Post Office Protocol version 3) is the most widely used version of POP. It operates on port 110 and uses a simple text-based protocol.
#### Enumeration

To enumerate users on a POP3 server you can send the `USER` command followed by a username. On servers that check the name at this point, an error reply (`-ERR`) means the user does not exist and a positive reply (`+OK`) means the user exists. Many servers accept any `USER` and only fail at `PASS`, in which case the reply gives no information; answering `USER` the same way for every name is the behaviour to aim for on the defensive side.

```
USER <username>
```
#### Brute-Force Attack

To perform a brute-force attack on a POP3 server, you can use a tool like Hydra. Hydra is a powerful tool that can perform dictionary and brute-force attacks against various protocols, including POP3.

```bash
hydra -L <userlist> -P <passwordlist> -s <port> -f <target> pop3
```
#### Password Spraying

Password spraying is a technique used to bypass account lockouts by attempting a small number of commonly used passwords against multiple user accounts. This technique can be effective against POP3 servers that do not have account lockout policies in place.
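The brute-force and password-spraying sections above describe the attacker's side; what a mail administrator needs is to tell the two apart in the server's own logs, since a spray produces one or two failures per account across many accounts while a brute-force attack piles failures onto one account. The Python below is an added example, not code from the page or from Dovecot: it parses constructed log lines written in the style of Dovecot's `pop3-login` messages (the format is an assumption; addresses are from documentation ranges), aggregates failures per source IP, and also flags a successful login that followed failures from the same address.

```python
import re
from collections import defaultdict

# Constructed log lines in the style of Dovecot's pop3-login messages (format is
# an assumption; nothing here is copied from a real host).
SAMPLE_LOG = """\
Mar 10 10:00:01 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.5, lip=10.0.0.2
Mar 10 10:00:03 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=203.0.113.5, lip=10.0.0.2
Mar 10 10:00:05 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=203.0.113.5, lip=10.0.0.2
Mar 10 10:00:07 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<dave>, method=PLAIN, rip=203.0.113.5, lip=10.0.0.2
Mar 10 10:00:09 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<erin>, method=PLAIN, rip=203.0.113.5, lip=10.0.0.2
Mar 10 10:00:11 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<frank>, method=PLAIN, rip=203.0.113.5, lip=10.0.0.2
Mar 10 10:02:00 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts in 20 secs): user=<billydean>, method=PLAIN, rip=198.51.100.7, lip=10.0.0.2
Mar 10 10:02:30 mail dovecot: pop3-login: Disconnected (auth failed, 2 attempts in 10 secs): user=<billydean>, method=PLAIN, rip=198.51.100.7, lip=10.0.0.2
Mar 10 10:02:45 mail dovecot: pop3-login: Login: user=<billydean>, method=PLAIN, rip=198.51.100.7, lip=10.0.0.2, mpid=4242, TLS
Mar 10 10:05:00 mail dovecot: pop3-login: Login: user=<grace>, method=PLAIN, rip=192.0.2.9, lip=10.0.0.2, mpid=4243, TLS
Mar 10 10:05:01 mail sshd[100]: unrelated line that the parser must skip
"""

LINE_RE = re.compile(
    r"pop3-login: (?:(?P<login>Login)"
    r"|Disconnected \(auth failed, (?P<attempts>\d+) attempts in \d+ secs\))"
    r": user=<(?P<user>[^>]*)>, method=(?P<method>\w+), rip=(?P<rip>[\d.]+)"
)


def parse_events(text: str) -> list:
    """Extract source IP, user, success flag and failed-attempt count per line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue
        events.append({
            "rip": m.group("rip"),
            "user": m.group("user"),
            "ok": m.group("login") is not None,
            "attempts": int(m.group("attempts")) if m.group("attempts") else 0,
        })
    return events


def classify(events: list, spray_users: int = 5, brute_attempts: int = 5) -> dict:
    """Per source IP: brute-force (many failures on one account), password
    spray (one or two failures each across many accounts), or benign."""
    per_ip = defaultdict(lambda: {"failed": defaultdict(int), "success": set()})
    for e in events:
        bucket = per_ip[e["rip"]]
        if e["ok"]:
            bucket["success"].add(e["user"])
        else:
            bucket["failed"][e["user"]] += e["attempts"]
    verdicts = {}
    for ip, bucket in per_ip.items():
        failed = bucket["failed"]
        worst = max(failed.values(), default=0)
        if worst >= brute_attempts:
            kind = "brute-force"
        elif len(failed) >= spray_users and worst <= 2:
            kind = "password-spray"
        elif failed:
            kind = "low-volume-failures"
        else:
            kind = "benign"
        verdicts[ip] = {
            "kind": kind,
            "failed_users": len(failed),
            "failed_attempts": sum(failed.values()),
            # a login that succeeded after failures from the same IP deserves a look
            "success_after_failure": sorted(bucket["success"] & set(failed)),
        }
    return verdicts


if __name__ == "__main__":
    for ip, v in classify(parse_events(SAMPLE_LOG)).items():
        print(ip, v)
```

The thresholds are deliberately arguments: five distinct accounts with at most two failures each is a reasonable starting point for a spray on a small mail server, but a large one with many legitimate typo'd logins will need a higher `spray_users` and a time window added to the aggregation.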
#### Exploiting Vulnerabilities

There are several vulnerabilities that can be exploited in POP3 servers, such as buffer overflows, command injection, and format string vulnerabilities. Exploiting these vulnerabilities can allow an attacker to gain unauthorized access to the server or execute arbitrary code.
### POP3S

POP3S (Secure POP3) is a secure version of POP3 that uses SSL/TLS encryption to secure the communication between the email client and the mail server. It operates on port 995.

#### Enumeration, Brute-Force Attack, Password Spraying and Exploiting Vulnerabilities

The enumeration, brute-force, password-spraying and vulnerability-exploitation techniques for POP3S are the same as for POP3. However, since POP3S wraps the session in SSL/TLS, you will need to use a tool like `openssl` to establish the encrypted connection to the server before issuing POP3 commands:

```bash
openssl s_client -connect <target>:<port>
```
```
root@kali:~# telnet $ip 110
+OK beta POP3 server (JAMES POP3 Server 2.3.2) ready
USER billydean
+OK
PASS password
+OK Welcome billydean
list
+OK 2 1807
1 786
2 1021
retr 1
+OK Message follows
From: jamesbrown@motown.com
Dear Billy Dean,
Here is your login for remote desktop ... try not to forget it this time!
username: billydean
password: PA$$W0RD!Z
```
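To make the command table in the POP syntax section and the transcript above concrete, here is an added example (not code from the page, from JAMES or from any real server) of a minimal in-memory POP3 server that follows the RFC 1939 state model: `USER`/`PASS` in the AUTHORIZATION state, `STAT`/`LIST`/`RETR`/`TOP`/`DELE`/`RSET` in TRANSACTION, and the UPDATE step on `QUIT` where messages marked by `DELE` are finally removed unless `RSET` cleared the marks. The mailbox, the account name and the password are constructed placeholders; the server answers `USER` identically for known and unknown names and its greeting carries no version, which is the behaviour the enumeration and banner-grab sections argue for.

```python
# Constructed mailbox for the simulated server; the credentials are placeholders
# chosen to mirror the transcript on this page, not real account data.
MAILBOX_USER = "billydean"
MAILBOX_PASS = "password"
MESSAGES = [
    "From: jamesbrown@motown.com\r\nSubject: first\r\n\r\nline one\r\nline two\r\n",
    "From: jamesbrown@motown.com\r\nSubject: second\r\n\r\n.starts with a dot\r\n",
]


def _stuff(text: str) -> str:
    """Byte-stuff a multi-line reply: a line beginning with '.' gets a second '.'."""
    return "\r\n".join("." + l if l.startswith(".") else l for l in text.split("\r\n"))


class Pop3Server:
    """In-memory POP3 server: AUTHORIZATION -> TRANSACTION -> UPDATE (on QUIT)."""

    def __init__(self, user, password, messages):
        self.user, self.password = user, password
        self.messages = list(messages)
        self.deleted = set()            # message numbers marked by DELE
        self.state = "AUTHORIZATION"
        self.pending_user = None

    def greeting(self):
        return "+OK POP3 server ready"  # no software name or version disclosed

    def handle(self, line):
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if self.state == "AUTHORIZATION":
            return self._authorization(cmd, arg)
        if self.state == "TRANSACTION":
            return self._transaction(cmd, arg)
        return "-ERR connection closed"

    def _authorization(self, cmd, arg):
        if cmd == "CAPA":
            return "+OK\r\nUSER\r\nTOP\r\nUIDL\r\n."
        if cmd == "USER":
            self.pending_user = arg
            return "+OK"  # same reply for known and unknown names: no enumeration oracle
        if cmd == "PASS":
            if self.pending_user == self.user and arg == self.password:
                self.state = "TRANSACTION"
                return f"+OK Welcome {self.user}"
            self.pending_user = None
            return "-ERR authentication failed"
        if cmd == "QUIT":
            self.state = "CLOSED"
            return "+OK bye"
        return "-ERR not authenticated"

    def _live(self):
        return [(n, m) for n, m in enumerate(self.messages, 1) if n not in self.deleted]

    def _lookup(self, arg):
        """Message number if arg names a live (unmarked) message, else None."""
        try:
            n = int(arg.split()[0])
        except (ValueError, IndexError):
            return None
        return n if 1 <= n <= len(self.messages) and n not in self.deleted else None

    def _transaction(self, cmd, arg):
        live = self._live()
        if cmd == "STAT":
            return f"+OK {len(live)} {sum(len(m) for _, m in live)}"
        if cmd == "LIST":
            rows = "".join(f"{n} {len(m)}\r\n" for n, m in live)
            return f"+OK {len(live)} messages\r\n{rows}."
        if cmd in ("RETR", "TOP", "DELE"):
            n = self._lookup(arg)
            if n is None:
                return "-ERR no such message"
            if cmd == "DELE":
                self.deleted.add(n)     # only a mark; RSET can still undo it
                return f"+OK message {n} deleted"
            msg = self.messages[n - 1]
            if cmd == "TOP":            # headers plus the first <n> body lines
                parts = arg.split()
                want = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
                headers, _, body = msg.partition("\r\n\r\n")
                body = "\r\n".join(body.split("\r\n")[:want])
                return "+OK\r\n" + _stuff(headers + "\r\n\r\n" + body) + "\r\n."
            return "+OK Message follows\r\n" + _stuff(msg) + "."
        if cmd == "RSET":
            self.deleted.clear()
            return "+OK"
        if cmd == "QUIT":               # UPDATE state: expunge marked messages
            self.messages = [m for _, m in live]
            self.deleted.clear()
            self.state = "CLOSED"
            return "+OK bye"
        return "-ERR unknown command"


def run_session(commands):
    """Feed client lines to a fresh server; return the server and the exchange log."""
    srv = Pop3Server(MAILBOX_USER, MAILBOX_PASS, MESSAGES)
    log = [("", srv.greeting())]
    for c in commands:
        log.append((c, srv.handle(c)))
    return srv, log


if __name__ == "__main__":
    _, log = run_session(["CAPA", "USER billydean", "PASS password", "STAT", "LIST",
                          "TOP 1 1", "DELE 1", "RSET", "STAT", "DELE 1", "QUIT"])
    for client, server in log:
        print(("C: " + client + "\n" if client else "") + "S: " + server)
```

Running it prints both sides of the exchange; the second `STAT` after `RSET` still reports two messages, and only the `QUIT` after the final `DELE 1` actually shrinks the mailbox, which is exactly the "expunges messages if no RSET" note in the command table.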
## Dangerous Settings

From https://academy.hackthebox.com/module/112/section/1073

| Setting | Description |
|---|---|
| `auth_debug` | Enables all authentication debug logging. |
| `auth_debug_passwords` | This setting adjusts log verbosity: the submitted passwords and the scheme get logged. |
| `auth_verbose` | Logs unsuccessful authentication attempts and their reasons. |
| `auth_verbose_passwords` | Passwords used for authentication are logged and can also be truncated. |
| `auth_anonymous_username` | This specifies the username to be used when logging in with the ANONYMOUS SASL mechanism. |
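The settings in the table are Dovecot's, and the quickest way to keep them from drifting into a state that writes user passwords into `/var/log` is to audit the configuration file itself. The Python below is an added example (not code from the page, from HackTheBox or from Dovecot): it reads a constructed `key = value` fragment in the style of `conf.d/10-logging.conf`, with the weak configuration and the corrected one side by side, and reports the values from the table that leak credentials or widen access. The assumed defaults when a key is absent (`no` for the logging keys) and the `plain`/`sha1`/`plain:N` value forms of `auth_verbose_passwords` are assumptions about Dovecot's behaviour.

```python
# Constructed Dovecot-style configuration fragments (assumption: the
# "key = value" syntax of dovecot.conf / conf.d/10-logging.conf). These are
# not files from any real host. WEAK_CONF shows the risky values, HARDENED_CONF
# the corrected ones.
WEAK_CONF = """\
# conf.d/10-logging.conf (constructed example)
auth_verbose = yes
auth_verbose_passwords = plain        # failed passwords written in full
auth_debug = yes
auth_debug_passwords = yes            # every submitted password and scheme logged
auth_mechanisms = plain login anonymous
auth_anonymous_username = anonymous
"""

HARDENED_CONF = """\
auth_verbose = yes                    # keep: failed attempts and reasons are useful
auth_verbose_passwords = no
auth_debug = no
auth_debug_passwords = no
auth_mechanisms = plain login
"""


def parse_conf(text: str) -> dict:
    """Read 'key = value' lines, dropping comments and blank lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def audit(settings: dict) -> list:
    """Return (setting, reason) pairs for values that leak credentials or widen
    access. Absent keys are treated as Dovecot's default 'no' (an assumption)."""
    findings = []
    if settings.get("auth_debug_passwords", "no").lower() == "yes":
        findings.append(("auth_debug_passwords",
                         "submitted passwords and their scheme are written to the log"))
    avp = settings.get("auth_verbose_passwords", "no").lower()
    if avp != "no":   # 'plain', 'sha1', or truncated forms such as 'plain:N'
        findings.append(("auth_verbose_passwords",
                         f"passwords from failed logins are logged ({avp})"))
    if settings.get("auth_debug", "no").lower() == "yes":
        findings.append(("auth_debug",
                         "authentication debug logging is on; noisy and leaks internals"))
    mechanisms = settings.get("auth_mechanisms", "").lower().split()
    if "anonymous" in mechanisms:
        user = settings.get("auth_anonymous_username", "anonymous")
        findings.append(("auth_mechanisms",
                         f"ANONYMOUS SASL login enabled (maps to user '{user}')"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(parse_conf(conf)) or "no findings")
```

`auth_verbose = yes` is kept in the hardened fragment on purpose: failed attempts and their reasons are what the brute-force and spraying detection relies on, and that setting logs no passwords.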
## HackTricks Automatic Commands

```
Protocol_Name: POP #Protocol Abbreviation if there is one.
Port_Number: 110 #Comma separated if there is more than one.
Protocol_Description: Post Office Protocol #Protocol Abbreviation Spelled out

Entry_1:
  Name: Notes
  Description: Notes for POP
  Note: |
    Post Office Protocol (POP) is described as a protocol within the realm of computer networking and the Internet, which is utilized for the extraction and retrieval of email from a remote mail server, making it accessible on the local device. Positioned within the application layer of the OSI model, this protocol enables users to fetch and receive email. The operation of POP clients typically involves establishing a connection to the mail server, downloading all messages, storing these messages locally on the client system, and subsequently removing them from the server. Although there are three iterations of this protocol, POP3 stands out as the most prevalently employed version.

    https://book.hacktricks.xyz/network-services-pentesting/pentesting-pop

Entry_2:
  Name: Banner Grab
  Description: Banner Grab 110
  Command: nc -nv {IP} 110

Entry_3:
  Name: Banner Grab 995
  Description: Grab Banner Secure
  Command: openssl s_client -connect {IP}:995 -crlf -quiet

Entry_4:
  Name: Nmap
  Description: Scan for POP info
  Command: nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -p 110 {IP}

Entry_5:
  Name: Hydra Brute Force
  Description: Need User
  Command: hydra -l {Username} -P {Big_Passwordlist} -f {IP} pop3 -V

Entry_6:
  Name: consoleless msf enumeration
  Description: POP3 enumeration without the need to run msfconsole
  Note: sourced from https://github.com/carlospolop/legion
  Command: msfconsole -q -x 'use auxiliary/scanner/pop3/pop3_version; set RHOSTS {IP}; set RPORT 110; run; exit'
```