# 110, 995 - POP

## <mark style="color:red;">Banner Grabbing</mark> <a href="#banner-grabbing" id="banner-grabbing"></a>

**Telnet**

```sh
telnet 10.0.0.3 110
```

**Netcat**

```sh
nc -n 10.0.0.3 110
```

**openssl**

```sh
openssl s_client -crlf -connect 10.0.0.3:995
```

<details>

<summary>Parameters</summary>

* `s_client`: SSL/TLS client program.
* `-crlf`: translate a line feed from the terminal into `CR+LF`.

</details>

[**pop3-ntlm-info**](https://nmap.org/nsedoc/scripts/pop3-ntlm-info.html) **NSE Script**

```sh
nmap -p 110,995 --script pop3-ntlm-info 10.0.0.3
```

## <mark style="color:red;">Capabilities</mark> <a href="#capabilities" id="capabilities"></a>

POP3 capabilities are defined in [RFC2449](https://tools.ietf.org/html/rfc2449#section-6). The `CAPA` command allows a client to ask a server what commands it supports and possibly any site-specific policy.

[**pop3-capabilities**](https://nmap.org/nsedoc/scripts/pop3-capabilities.html) **NSE Script**

```sh
nmap -p 110,995 --script pop3-capabilities 10.0.0.3
```

## <mark style="color:red;">Commands</mark> <a href="#commands" id="commands"></a>

```txt
USER    Username or mailbox.
PASS    Server/mailbox-specific password.
STAT    Number of messages in the mailbox.
LIST    [ message# ] Messages summary.
RETR    [ message# ] Retrieve selected message.
DELE    [ message# ] Delete selected message.
RSET    Reset the session. Undelete deleted messages.
NOOP    No-op. Keeps connection open.
QUIT    End session.
```

{% hint style="info" %}
Note: Server responses will start either with a successful (`+OK`) or failed status `-ERR`.
{% endhint %}