POP3 110,995

POP3 Scanning and Enumeration - Ports 110 and 995

Post Office Protocol (POP) is a protocol used by email clients to retrieve messages from a mail server. POP3 is the latest version of this protocol and is commonly used for email retrieval. Port 110 is used for unencrypted POP3, while port 995 is used for POP3 over SSL/TLS.

POP3 Overview:

  • Default Port: 110 (unencrypted), 995 (encrypted via SSL/TLS)

  • Protocol: POP3 allows clients to retrieve emails from a server and download them to a local machine. The protocol is designed for offline email access but does not provide native email synchronization across multiple devices.

Enumeration Techniques:

  1. Banner Grabbing:

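    • Use nc (Netcat) or nmap to grab the POP3 service banner and identify the server version. Port 995 expects a TLS handshake before the banner is sent, so use openssl s_client there instead of plain nc. Example:

      nc -vn <IP> 110
      openssl s_client -connect <IP>:995 -crlf -quiet  # For encrypted POP3 (plain nc shows no banner on 995)
      nmap -sV -p 110,995 <IP>  # Service version detection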
  2. Service Version Detection:

    • Use nmap to detect the version of the POP3 service running on ports 110 or 995 and gather additional information. Example:

      sudo nmap -sV -p 110,995 <IP>
  3. Enumerating POP3 Users:

    • Use telnet or nc to connect to the POP3 server and attempt user enumeration. Example with telnet:

      telnet <IP> 110
      USER <username>  # Check if user exists
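    • Compare the server's responses to identify valid usernames: a server that answers +OK for some names and -ERR for others reveals which mailboxes exist. RFC 1939 allows a server to answer +OK to USER even when no such mailbox exists, and such servers give nothing away at this step.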

  4. POP3 Commands:

    • The POP3 protocol uses specific commands to interact with the mail server. Common commands include USER, PASS, STAT, and LIST. Example:

      telnet <IP> 110
      USER <username>
      PASS <password>  # Authenticate
      STAT  # Message count and total mailbox size
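
The defender's view of step 3, as an added example that is not part of the original page: it pairs each USER command in plaintext port-110 transcripts with the server's reply, reports whether the server answers some names with +OK and others with -ERR, and lists clients that tried many distinct usernames. The transcripts, IP addresses and the threshold of 3 are constructed for illustration.

```python
"""Audit plaintext POP3 (port 110) transcripts for username enumeration.
The transcripts below are constructed sample data, not captures from a real server."""
from collections import defaultdict

# Constructed sessions: (client_ip, [(direction, line), ...]); "C" = client, "S" = server.
SESSIONS = [
    ("198.51.100.7", [("S", "+OK POP3 ready"), ("C", "USER alice"), ("S", "+OK"),
                      ("C", "QUIT"), ("S", "+OK bye")]),
    ("198.51.100.7", [("S", "+OK POP3 ready"), ("C", "USER bob"), ("S", "-ERR no such user"),
                      ("C", "USER carol"), ("S", "-ERR no such user")]),
    ("198.51.100.7", [("S", "+OK POP3 ready"), ("C", "USER dave"), ("S", "+OK")]),
    ("203.0.113.20", [("S", "+OK POP3 ready"), ("C", "USER erin"), ("S", "+OK"),
                      ("C", "PASS secret"), ("S", "+OK 2 messages"), ("C", "STAT"),
                      ("S", "+OK 2 320")]),
]

def user_replies(lines):
    """Pair each USER command with the status (+OK / -ERR) of the next server line."""
    pairs, pending = [], None
    for direction, line in lines:
        verb, _, arg = line.partition(" ")
        if direction == "C":
            # POP3 command keywords are case-insensitive (RFC 1939).
            pending = arg.strip() if verb.upper() == "USER" else None
        elif pending is not None:
            pairs.append((pending, verb))
            pending = None
    return pairs

def audit(sessions, threshold=3):
    """Return (server_leaks, suspicious_ips) for a list of sessions."""
    statuses, names_by_ip = set(), defaultdict(set)
    for ip, lines in sessions:
        for name, status in user_replies(lines):
            statuses.add(status)
            names_by_ip[ip].add(name.lower())
    # A server that answers USER with both +OK and -ERR reveals which mailboxes exist.
    server_leaks = {"+OK", "-ERR"} <= statuses
    # Clients that tried at least `threshold` distinct usernames (assumed cut-off).
    suspicious = sorted(ip for ip, names in names_by_ip.items() if len(names) >= threshold)
    return server_leaks, suspicious

if __name__ == "__main__":
    print(audit(SESSIONS))
```

A server configured to answer +OK to every USER command makes the first value False, leaving only the per-client count as a signal.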
