POP3 - 110/995

The Post Office Protocol version 3 (POP3) is a protocol used by email clients to retrieve emails from a remote mail server. It typically downloads messages to the local device and deletes them from the server, making it suitable for offline access but not ideal for multi-device synchronization.

Default port: 110, 995

Enumeration

# Nmap service/version detection + default scripts
sudo nmap -sV -sC -p 110,995 10.10.10.10

# Plaintext POP3 connection
telnet 10.10.10.10 110

# Secure POP3 (POP3S)
openssl s_client -connect 10.10.10.10:995

# Basic login test with curl
curl --url pop3://10.10.10.10/ --user 'user:pass'

# Brute-force login
hydra -L users.txt -P passwords.txt pop3://10.10.10.10

# Check if APOP authentication is supported
nmap --script pop3-capabilities -p 110 10.10.10.10

Exploitation

# Connect and login
telnet 10.129.14.128 110
USER user@example.com
PASS password

# List emails
LIST

# Retrieve specific email
RETR 1

# Delete specific email (optional)
DELE 1

# Quit session
QUIT

# Dump emails automatically
# 1: https://github.com/delosec/POP3-Dumper

Enumeration​

Exploitation​

Enumeration

Exploitation