# Port 110/995 - POP3

nc -nvC <IP> 110
+OK beta POP3 server (JAMES POP3 Server 2.3.2) ready

openssl s_client -connect <IP>:995 -crlf -quiet

# Automated - Nmap

nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -port <PORT> <IP>
#All are default scripts

# POP Syntax

POP commands:
  USER uid           Log in as "uid"
  PASS password      Substitue "password" for your actual password
  STAT               List number of messages, total mailbox size
  LIST               List messages and sizes
  RETR n             Show message n
  DELE n             Mark message n for deletion
  RSET               Undo any changes
  QUIT               Logout (expunges messages if no RSET)
  TOP msg n          Show first n lines of message number msg
  CAPA               Get capabilities

# Manual Login Bruteforce (User enumeration)

root@kali:~# telnet $ip 110
 +OK beta POP3 server (JAMES POP3 Server 2.3.2) ready 
 USER billydean    
 PASS password
 +OK Welcome billydean


 +OK 2 1807
 1 786
 2 1021

 retr 1

 +OK Message follows
 From: jamesbrown@motown.com
 Dear Billy Dean,

 Here is your login for remote desktop ... try not to forget it this time!
 username: billydean
 password: PA$$W0RD!Z

# Automated Bruteforce - Hydra

hydra -l {Username} -P {Big_Passwordlist} -f {IP} pop3 -V