Post Office Protocol (POP/POP3/POP3S) – port 110/995

The Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. POP version 3 (POP3) is the most commonly used version. Together with IMAP, it is one of the most common protocols for email retrieval.

POP/POP3

POP3S

POP/POP3 – port 110

Netcat

Banner grabbing

nc -nv x.x.x.x 110
USER username
PASS password

Read emails

Install Thunderbird client (sudo apt install thunderbird).

nc x.x.x.x 110
USER username
PASS password
LIST
RETR 1
RETR 2
...
QUIT

Nmap scripts

ls -la /usr/share/nmap/scripts/pop3*

IP=x.x.x.x
WL=/usr/share/wordlists/rockyou.txt
USERS=/usr/share/seclists/Usernames/top-usernames-shortlist.txt
nmap --script pop3-brute -p 110 $IP --script-args userdb=${USERS},passdb=$WL

read_emails_pop3.py

#!/usr/bin/python3
# https://docs.python.org/3/library/poplib.html
from getpass import getpass
import poplib

def pop3_login(server, username, password):
    pop3 = poplib.POP3(server, port=110, timeout=10)
    #pop3 = poplib.POP3_SSL(server, port=995, timeout=10)
    #pop3.set_debuglevel(2)

    welcome_msg = pop3.getwelcome().decode('utf-8')
    print(welcome_msg)

    try:
        print("INFO: Login on " + server + " with user " + username)
        pop3.user(username)
        pop3.pass_(password)

        # Read emails
        numMessages = len(pop3.list()[1])
        for i in range(numMessages):
            for j in pop3.retr(i+1)[1]:
                print(j)

        pop3.quit()
    except Exception as e:
        print("ERROR: Login failed.")
        print(e)


# Read emails
server='x.x.x.x'

pop3_login(server, 'user1', 'password1')
pop3_login(server, 'user2', 'password2')

POP3S (POP3-over-SSL/TLS) – port 995

Netcat

nc -nv x.x.x.x 995
or
openssl s_client -connect x.x.x.x:995
or
openssl s_client -crlf -connect x.x.x.x:995 -starttls pop3

# didn't work
USER username
PASS password

LIST – lists the messages available in the user’s account, returning a status message and list with each row containing a message number and the size of that message in bytes
STAT – returns a status message, the number of messages in the mailbox, and the size of the mailbox in bytes
RETR [message_num] – returns the message identified by the message number, which is the same as the message number shown in the LIST command output
TOP [message_num] [n] – returns the top n lines of the message denoted by message number.
When finished, the QUIT command will end the session.