110 - POP3

Identification and Scans

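# Retrieve POP3 server capabilities (CAPA, TOP, USER, SASL, RESP-CODES, LOGIN-DELAY, PIPELINING, EXPIRE, UIDL, IMPLEMENTATION)
# The SASL entry lists the authentication mechanisms the server offers; if STLS is not advertised, the session on port 110 cannot be upgraded to TLS.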
nmap -v -sV --version-intensity=5 --script pop3-capabilities -p T:110 IP

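# Try to brute-force POP3 accounts, one run per login method (pop3loginmethod)
# Repeated failed logins appear in the mail server's authentication log and may trigger account lockout where such a policy is configured.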
nmap --script pop3-brute --script-args pop3loginmethod=SASL-LOGIN -p T:110 IP
nmap --script pop3-brute --script-args pop3loginmethod=SASL-CRAM-MD5 -p T:110 IP
nmap --script pop3-brute --script-args pop3loginmethod=APOP -p T:110 IP
# Connect manually using netcat (the server answers with a +OK greeting banner)
nc <IP> 110

# Using telnet
telnet <IP> 110

Authentication Check (common default credentials)

# USER and PASS are sent as plain text on port 110.

USER admin
PASS admin

USER root
PASS root

USER root
PASS toor

# Once logged in: LIST returns the message numbers and their sizes
list