110 ) POP3

• Login / Send mail

# Login via telnet 
telnet 10.10.10.51 110
Trying 10.10.10.51...
Connected to 10.10.10.51.
Escape character is '^]'.
+OK solidstate POP3 server (JAMES POP3 Server 2.3.2) ready

# Enter user name with USER command
USER john
+OK

# Enter password with PASS command
PASS harith123
+OK Welcome john # if success 

# Returns total number of messages and total size
STAT
+OK 1 743

# Lists all messages
LIST
+OK 1 743
1 743
.

# Retrieves the whole message RETR <number>
RETR 1
+OK Message follows
Return-Path: <mailadmin@localhost>
Message-ID: <9564574.1.1503422198108.JavaMail.root@solidstate>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Delivered-To: john@localhost
Received: from 192.168.11.142 ([192.168.11.142])
          by solidstate (JAMES SMTP Server 2.3.2) with SMTP ID 581
          for <john@localhost>;
          Tue, 22 Aug 2017 13:16:20 -0400 (EDT)
Date: Tue, 22 Aug 2017 13:16:20 -0400 (EDT)
From: mailadmin@localhost
Subject: New Hires access
John,

Can you please restrict mindy's access until she gets read on to the program. Also make sure that you send her a tempory password to login to her accounts.

Thank you in advance.

Respectfully,
James

• Brute force

hydra -l <USERS> -P <PASSWORDS> -f <IP> pop3 -V
hydra -S -v -s 995 -l <USERS> -P <PASSWORDS_LISTS> -f <IP> pop3 -V

• POP3 Commands with Description

Command	Description
USER [username]	1st login command
PASS [password]	2nd login command
QUIT	Logs out and saves any changes
STAT	Returns total number of messages and total size
LIST	Lists all messages
RETR [message]	Retrieves the whole message
DELE [message]	Deletes the specified message
NOOP	The POP3 server does nothing, it merely replies with a positive response.
RSET	Undelete the message if any marked for deletion
TOP [message] [number]	Returns the headers and number of lines from the message