110, 143 - POP3, IMAP4

Theory

POP3

Post Office Protocol V3 is used to receive e‐mails, and it uses port 110. POP3 over SSL uses port 995.

IMAP4

Internet Message Access Protocol V4 is used to store and manage e‐mails on the server, and it uses port 143. IMAP4 over SSL uses port 993.

Practical

At this stage, all we want to do is to access the inbox of an existing user on the server. For this to work, we need to make sure that the mail server is installed on the target host; thus, we will see the following:

• POP3 port 110 open, and maybe the server allows POP3 over SSL (using port 995)

• IMAP4 port 143 open, and maybe the server allows IMAP over SSL (using port 993)

Basic Nmap Scan

nmap ‐sV ‐O ‐sC ‐p 110,995,143,993 <IP>

Brute Force POP3 E-mail Accounts

Hydra

hydra ‐L [users file] ‐P [passwords file] pop3://[IP]

REFERENCES

• https://book.hacktricks.xyz/network-services-pentesting/pentesting-imap

• https://book.hacktricks.xyz/network-services-pentesting/pentesting-pop

• https://0xffsec.com/handbook/services/pop/

• https://nmap.org/nsedoc/scripts/pop3-brute.html

• https://subscription.packtpub.com/book/cloud-and-networking/9781849517485/6/ch06lvl1sec87/brute-forcing-pop3-passwords

• https://forums.hak5.org/topic/21182-brute-force-email-with-hydra/