# 110,995 - Pentesting POP ## Basic Information **Post Office Protocol** \(**POP**\) is a type of computer networking and Internet standard **protocol** that extracts and retrieves email from a remote mail server for access by the host machine. **POP** is an application layer **protocol** in the OSI model that provides end users the ability to fetch and receive email \(from [here](https://www.techopedia.com/definition/5383/post-office-protocol-pop)\). The POP clients generally connect, retrieve all messages, store them on the client system, and delete them from the server. There are 3 versions of POP, but POP3 is the most used one. **Default ports:** 110, 995\(ssl\) ```text PORT STATE SERVICE 110/tcp open pop3 ``` ## Enumeration ### Banner Grabbing ```bash nc -nv 110 openssl s_client -connect :995 -crlf -quiet ``` ## Manual You can use the command `CAPA` to obtain the capabilities of the POP3 server. ## Automated ```bash nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -port #All are default scripts ``` The `pop3-ntlm-info` plugin will return some "**sensitive**" data \(Windows versions\). ### [POP3 bruteforce](../brute-force.md#pop) ## POP syntax ```bash POP commands: USER uid Log in as "uid" PASS password Substitue "password" for your actual password STAT List number of messages, total mailbox size LIST List messages and sizes RETR n Show message n DELE n Mark message n for deletion RSET Undo any changes QUIT Logout (expunges messages if no RSET) TOP msg n Show first n lines of message number msg CAPA Get capabilities ``` From [here](http://sunnyoasis.com/services/emailviatelnet.html) Example: ```text root@kali:~# telnet $ip 110 +OK beta POP3 server (JAMES POP3 Server 2.3.2) ready USER billydean +OK PASS password +OK Welcome billydean list +OK 2 1807 1 786 2 1021 retr 1 +OK Message follows From: jamesbrown@motown.com Dear Billy Dean, Here is your login for remote desktop ... try not to forget it this time! username: billydean password: PA$$W0RD!Z ```