995 - POP3S

Identification and Scans

# Retrieve POP3 server capabilities (CAPA, TOP, USER, SASL, RESP-CODES, LOGIN-DELAY, PIPELINING, EXPIRE, UIDL, IMPLEMENTATION)	
nmap -v -sV --version-intensity=5 --script pop3-capabilities -p T:995 IP

# Try to bruteforce POP3 accounts
nmap --script pop3-brute --script-args pop3loginmethod=SASL-LOGIN -p T:995 IP
nmap --script pop3-brute --script-args pop3loginmethod=SASL-CRAM-MD5 -p T:995 IP
nmap --script pop3-brute --script-args pop3loginmethod=APOP -p T:995 IP

SSL Checking

# Using openssl
openssl s_client -connect IP:995

Authentication Checking (classical credentials)

USER admin
PASS admin

USER root
PASS root

USER root
PASS toor