mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-15 09:27:32 +00:00
83 lines
2.2 KiB
Markdown
# 110,995 - Pentesting POP

## Basic Information

**Post Office Protocol** (**POP**) is a type of computer networking and Internet standard **protocol** that extracts and retrieves email from a remote mail server for access by the host machine. **POP** is an application layer **protocol** in the OSI model that provides end users the ability to fetch and receive email (from [here](https://www.techopedia.com/definition/5383/post-office-protocol-pop)).

The POP clients generally connect, retrieve all messages, store them on the client system, and delete them from the server. There are 3 versions of POP, but POP3 is the most used one.

**Default ports:** 110, 995 (ssl)

```text
PORT    STATE SERVICE
110/tcp open  pop3
```

## Enumeration

### Banner Grabbing

```bash
nc -nv <IP> 110
openssl s_client -connect <IP>:995 -crlf -quiet
```

## Manual

You can use the command `CAPA` to obtain the capabilities of the POP3 server.

## Automated

```bash
nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -p <PORT> <IP> # All are default scripts
```

The `pop3-ntlm-info` script will return some "**sensitive**" data (Windows versions).

### [POP3 bruteforce](../brute-force.md#pop)

## POP syntax

```text
POP commands:
  USER uid           Log in as "uid"
  PASS password      Substitute "password" for your actual password
  STAT               List number of messages, total mailbox size
  LIST               List messages and sizes
  RETR n             Show message n
  DELE n             Mark message n for deletion
  RSET               Undo any changes
  QUIT               Logout (expunges messages if no RSET)
  TOP msg n          Show first n lines of message number msg
  CAPA               Get capabilities
```

From [here](http://sunnyoasis.com/services/emailviatelnet.html)

Example:

```text
root@kali:~# telnet $ip 110
+OK beta POP3 server (JAMES POP3 Server 2.3.2) ready
USER billydean
+OK
PASS password
+OK Welcome billydean

list

+OK 2 1807
1 786
2 1021

retr 1

+OK Message follows
From: jamesbrown@motown.com
Dear Billy Dean,

Here is your login for remote desktop ... try not to forget it this time!
username: billydean
password: PA$$W0RD!Z
```