My OSCP Journey: Tips, Tricks, and Cheat Sheets
110, 995 - POP

Last updated 2 years ago

Banner Grabbing

Telnet

telnet 10.0.0.3 110

Netcat

nc -n 10.0.0.3 110

openssl

openssl s_client -crlf -connect 10.0.0.3:995
Parameters
  • s_client: SSL/TLS client program.

  • -crlf: translate a line feed from the terminal into CR+LF.

NSE Script

nmap -p 110,995 --script pop3-ntlm-info 10.0.0.3

Capabilities

POP3 capabilities are defined in RFC 2449. The CAPA command lets a client ask a server which commands it supports and, possibly, any site-specific policy.

NSE Script

nmap -p 110,995 --script pop3-capabilities 10.0.0.3

Commands

USER    Username or mailbox.
PASS    Server/mailbox-specific password.
STAT    Number of messages in the mailbox.
LIST    [ message# ] Messages summary.
RETR    [ message# ] Retrieve selected message.
DELE    [ message# ] Delete selected message.
RSET    Reset the session. Undelete deleted messages.
NOOP    No-op. Keeps connection open.
QUIT    End session.

Note: Server responses start with either a success status (+OK) or a failure status (-ERR).
