# 110, 995 - POP

## <mark style="color:red;">Banner Grabbing</mark> <a href="#banner-grabbing" id="banner-grabbing"></a>

**Telnet**

```sh
telnet 10.0.0.3 110
```

**Netcat**

```sh
nc -n 10.0.0.3 110
```

**openssl**

```sh
openssl s_client -crlf -connect 10.0.0.3:995
```

<details>

<summary>Parameters</summary>

* `s_client`: SSL/TLS client program.
* `-crlf`: translate a line feed from the terminal into `CR+LF`.

</details>

[**pop3-ntlm-info**](https://nmap.org/nsedoc/scripts/pop3-ntlm-info.html) **NSE Script**

```sh
nmap -p 110,995 --script pop3-ntlm-info 10.0.0.3
```

## <mark style="color:red;">Capabilities</mark> <a href="#capabilities" id="capabilities"></a>

POP3 capabilities are defined in [RFC2449](https://tools.ietf.org/html/rfc2449#section-6). The `CAPA` command allows a client to ask a server what commands it supports and possibly any site-specific policy.

[**pop3-capabilities**](https://nmap.org/nsedoc/scripts/pop3-capabilities.html) **NSE Script**

```sh
nmap -p 110,995 --script pop3-capabilities 10.0.0.3
```

## <mark style="color:red;">Commands</mark> <a href="#commands" id="commands"></a>

```txt
USER    Username or mailbox.
PASS    Server/mailbox-specific password.
STAT    Number of messages in the mailbox.
LIST    [ message# ] Messages summary.
RETR    [ message# ] Retrieve selected message.
DELE    [ message# ] Delete selected message.
RSET    Reset the session. Undelete deleted messages.
NOOP    No-op. Keeps connection open.
QUIT    End session.
```

{% hint style="info" %}
Note: Server responses will start either with a successful (`+OK`) or failed status `-ERR`.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://oscp.nstsec.com/services-exploitation/110-995-pop.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.