POP3

Source CTF and HTB Academy

POP3 provides listing, retrieving, and deleting emails as functions at the email server.

Commands

Command Description

Command	Description
`USER username`	Identifies the user.
`PASS password`	Authentication of the user using its password.
`STAT`	Requests the number of saved emails from the server.
`LIST`	Requests from the server the number and size of all emails.
`RETR id`	Requests the server to deliver the requested email by ID.
`DELE id`	Requests the server to delete the requested email by ID.
`CAPA`	Requests the server to display the server capabilities.
`RSET`	Requests the server to reset the transmitted information.
`QUIT`	Closes the connection with the POP3 server.

USER username

Identifies the user.

PASS password

Authentication of the user using its password.

STAT

Requests the number of saved emails from the server.

LIST

Requests from the server the number and size of all emails.

RETR id

Requests the server to deliver the requested email by ID.

DELE id

Requests the server to delete the requested email by ID.

CAPA

Requests the server to display the server capabilities.

RSET

Requests the server to reset the transmitted information.

QUIT

Closes the connection with the POP3 server.

Same as imap see here

openssl s_client -connect TARGET-IP:995 -crlf -quiet (995 is the port)
sudo nmap 10.129.14.128 -sV -p110,995 -sC
sudo nmap -p 110,995 --script=pop3-* TARGET-IP will try different enumeration including username enumeration
openssl s_client -connect 10.129.14.128:pop3s
curl -k 'pop3s://10.129.250.84' --user robin:robin -v

openssl s_client -connect TARGET-IP:995
USER username@domain.com
PASS password

Last updated 1 year ago