Wednesday, October 20, 2010

POP3 (110 TCP)

POP3 must be one of the most common protocols found on the Internet today - POP3 is used to download email. Some time ago the QPOP server was exploitable. As is the case with FTP, one has to have a mechanism for finding vulnerable versions of POP3 servers. The Perl script used in the FTP section is just as applicable to POP3 servers as to FTP servers. Some exploits require that you supply a valid username and password - some require nothing.
A POP3 server can be used to verify a user's password, and therefore can be used to do a brute force attack on a username and password. Some of the older POP3 servers also only logged the first incorrect attempt - you could try as many combinations as you liked with only one entry in the logfile. The "pwscan.pl" script that forms part of VLAD has the possibility to brute force POP3 passwords - it is so easy that I am not going to spend more time on it (see the telnet section).
Another use for POP3 is to access other people's email without their knowledge. To be able to do this you will obviously need the correct password. The advantage is that most POP3 clients can be set to keep the mail on the server, and thus to make a copy of the mail. When the legitimate user connects, the mail will still be there.
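From the server operator's side, both behaviours described above leave traces if every login attempt is logged. The following is an added example, not part of the original post: it flags sources that fail repeatedly in a short window and mailboxes opened from more than one address. The log format, field names, thresholds and sample lines are constructed for illustration and assume a server that records each attempt, not only the first.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical log format (not any real server's).
SAMPLE_LOG = """\
2010-10-20T09:00:00 pop3 src=192.0.2.10 user=alice result=OK
2010-10-20T09:01:00 pop3 src=198.51.100.7 user=bob result=FAIL
2010-10-20T09:01:05 pop3 src=198.51.100.7 user=bob result=FAIL
2010-10-20T09:01:10 pop3 src=198.51.100.7 user=bob result=FAIL
2010-10-20T09:01:15 pop3 src=198.51.100.7 user=bob result=FAIL
2010-10-20T09:01:20 pop3 src=198.51.100.7 user=bob result=OK
2010-10-20T09:05:00 pop3 src=192.0.2.44 user=bob result=FAIL
2010-10-20T09:30:00 pop3 src=192.0.2.44 user=bob result=OK
"""

LINE = re.compile(r"^(\S+) pop3 src=(\S+) user=(\S+) result=(OK|FAIL)$")

def parse(log):
    """Return (timestamp, source, user, succeeded) tuples; skip malformed lines."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, src, user, res = m.groups()
            events.append((datetime.fromisoformat(ts), src, user, res == "OK"))
    return sorted(events)

def guessing_sources(events, threshold=4, window=timedelta(minutes=1)):
    """Sources with at least `threshold` failed logins inside any `window`."""
    fails, flagged = defaultdict(list), set()
    for ts, src, _user, ok in events:
        if ok:
            continue
        # Keep only this source's failures that are still inside the window.
        recent = [t for t in fails[src] if ts - t <= window] + [ts]
        fails[src] = recent
        if len(recent) >= threshold:
            flagged.add(src)
    return flagged

def shared_mailboxes(events):
    """Mailboxes opened successfully from more than one source address."""
    seen = defaultdict(set)
    for _ts, src, user, ok in events:
        if ok:
            seen[user].add(src)
    return {u: sorted(s) for u, s in seen.items() if len(s) > 1}
```

A mailbox that appears in both results, as `bob` does in the sample, is the case worth investigating first: repeated failures followed by a success, then continued access alongside the owner's own logins.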
