mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-24 21:53:54 +00:00
26 KiB
26 KiB
110,995 - Pentesting POP
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
- Discover The PEASS Family, our collection of exclusive NFTs
- Get the official PEASS & HackTricks swag
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
- Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.
Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. Try it for free today.
{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %}
Basic Information
Post Office Protocol (POP) is described as a protocol within the realm of computer networking and the Internet, which is utilized for the extraction and retrieval of email from a remote mail server, making it accessible on the local device. Positioned within the application layer of the OSI model, this protocol enables users to fetch and receive email. The operation of POP clients typically involves establishing a connection to the mail server, downloading all messages, storing these messages locally on the client system, and subsequently removing them from the server. Although there are three iterations of this protocol, POP3 stands out as the most prevalently employed version.
Default ports: 110, 995(ssl)
PORT STATE SERVICE
110/tcp open pop3
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlhIngan Hol Translation:
Banner Grabbing
tlh
nc -nv <IP> 110
openssl s_client -connect <IP>:995 -crlf -quiet
Qap
QapDI' POP3 server capabilities laHlIj.
nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -port <PORT> <IP> #All are default scripts
The pop3-ntlm-info plugin will return some "sensitive" data (Windows versions).
POP3 bruteforce
POP syntax
POP commands examples from here
POP commands:
USER uid Log in as "uid"
PASS password Substitue "password" for your actual password
STAT List number of messages, total mailbox size
LIST List messages and sizes
RETR n Show message n
DELE n Mark message n for deletion
RSET Undo any changes
QUIT Logout (expunges messages if no RSET)
TOP msg n Show first n lines of message number msg
CAPA Get capabilities
POP (Post Office Protocol)
POP (Post Office Protocol) is a protocol used by email clients to retrieve email messages from a mail server. It is one of the most common protocols used for email retrieval.
POP Versions
There are two main versions of POP: POP2 and POP3. POP2 is an older version and is not widely used anymore. POP3 is the most commonly used version and is supported by almost all email clients and servers.
POP Ports
POP typically uses port 110 for unencrypted connections and port 995 for encrypted connections using SSL/TLS.
POP Authentication
POP authentication is usually done using a username and password. The username is typically the email address of the user, and the password is used to verify the identity of the user.
POP Vulnerabilities
There are several vulnerabilities that can be exploited in POP implementations, including:
- Brute force attacks: Attackers can try to guess the username and password combination by systematically trying different combinations.
- Man-in-the-middle attacks: Attackers can intercept the communication between the email client and the mail server to steal sensitive information.
- Password reuse: If a user reuses the same password for multiple accounts, an attacker who gains access to one account can potentially access other accounts as well.
POP Security Best Practices
To secure POP connections, it is recommended to:
- Use encrypted connections: Always use SSL/TLS to encrypt the communication between the email client and the mail server.
- Use strong passwords: Choose passwords that are difficult to guess and avoid reusing passwords for multiple accounts.
- Enable two-factor authentication (2FA): Use an additional layer of security by enabling 2FA, which requires a second form of authentication, such as a code sent to a mobile device.
POP Tools
There are several tools available for testing and exploiting POP vulnerabilities, including:
- Hydra: A popular password cracking tool that supports POP authentication.
- Wireshark: A network protocol analyzer that can be used to capture and analyze POP traffic.
- Metasploit: A penetration testing framework that includes modules for testing POP vulnerabilities.
POP Summary
POP is a widely used protocol for email retrieval. It has several vulnerabilities that can be exploited, but by following security best practices and using the right tools, these vulnerabilities can be mitigated.
root@kali:~# telnet $ip 110
+OK beta POP3 server (JAMES POP3 Server 2.3.2) ready
USER billydean
+OK
PASS password
+OK Welcome billydean
list
+OK 2 1807
1 786
2 1021
retr 1
+OK Message follows
From: jamesbrown@motown.com
Dear Billy Dean,
Here is your login for remote desktop ... try not to forget it this time!
username: billydean
password: PA$$W0RD!Z
QaDmey
https://academy.hackthebox.com/module/112/section/1073 laH
| QaD | vaD |
|---|---|
auth_debug |
bImejDaq log authentication debug. |
auth_debug_passwords |
bImejDaq log verbosity, submitted passwords, log 'ej log scheme. |
auth_verbose |
log unsuccessful authentication attempts 'ej log reasons. |
auth_verbose_passwords |
log passwords used authentication, 'ej truncated log vItlhutlh. |
auth_anonymous_username |
username specifies log ANONYMOUS SASL mechanism log login. |
HackTricks Automatic Commands
Protocol_Name: POP #Protocol Abbreviation if there is one.
Port_Number: 110 #Comma separated if there is more than one.
Protocol_Description: Post Office Protocol #Protocol Abbreviation Spelled out
Entry_1:
Name: Notes
Description: Notes for POP
Note: |
Post Office Protocol (POP) is described as a protocol within the realm of computer networking and the Internet, which is utilized for the extraction and retrieval of email from a remote mail server**, making it accessible on the local device. Positioned within the application layer of the OSI model, this protocol enables users to fetch and receive email. The operation of POP clients typically involves establishing a connection to the mail server, downloading all messages, storing these messages locally on the client system, and subsequently removing them from the server. Although there are three iterations of this protocol, POP3 stands out as the most prevalently employed version.
https://book.hacktricks.xyz/network-services-pentesting/pentesting-pop
Entry_2:
Name: Banner Grab
Description: Banner Grab 110
Command: nc -nv {IP} 110
Entry_3:
Name: Banner Grab 995
Description: Grab Banner Secure
Command: openssl s_client -connect {IP}:995 -crlf -quiet
Entry_4:
Name: Nmap
Description: Scan for POP info
Command: nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -p 110 {IP}
Entry_5:
Name: Hydra Brute Force
Description: Need User
Command: hydra -l {Username} -P {Big_Passwordlist} -f {IP} pop3 -V
Entry_6:
Name: consolesless mfs enumeration
Description: POP3 enumeration without the need to run msfconsole
Note: sourced from https://github.com/carlospolop/legion
Command: msfconsole -q -x 'use auxiliary/scanner/pop3/pop3_version; set RHOSTS {IP}; set RPORT 110; run; exit'
Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. Try it for free today.
{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %}
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
- Discover The PEASS Family, our collection of exclusive NFTs
- Get the official PEASS & HackTricks swag
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
- Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.