Navigation :
110 - POP3
Identification and Scans
# Retrieve POP3 server capabilities (CAPA, TOP, USER, SASL, RESP-CODES, LOGIN-DELAY, PIPELINING, EXPIRE, UIDL, IMPLEMENTATION)
nmap -v -sV --version-intensity=5 --script pop3-capabilities -p T:110 IP
# Try to bruteforce POP3 accounts
nmap --script pop3-brute --script-args pop3loginmethod=SASL-LOGIN -p T:110 IP
nmap --script pop3-brute --script-args pop3loginmethod=SASL-CRAM-MD5 -p T:110 IP
nmap --script pop3-brute --script-args pop3loginmethod=APOP -p T:110 IP
Banner grabbing/checking
# Using netcat
nc <IP> 110
# Using telnet
telnet <IP> 110
Authentication Checking (classical credentials)
USER admin
PASS admin
USER root
PASS root
USER root
PASS toor
# Once logged
list