POP3


Nmap discovered POP3 services on the target ports 110 and 995. The running service is Dovecot pop3d.

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/payday]
└─$ nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -p110,995 $IP
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-08 21:43 CET
Nmap scan report for 192.168.198.39
Host is up (0.020s latency).
 
PORT    STATE SERVICE  VERSION
110/tcp open  pop3     Dovecot pop3d
|_pop3-capabilities: SASL RESP-CODES UIDL STLS PIPELINING TOP CAPA
995/tcp open  ssl/pop3 Dovecot pop3d
|_pop3-capabilities: SASL(PLAIN) RESP-CODES UIDL TOP PIPELINING USER CAPA
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.74 seconds

Null Session


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/payday]
└─$ telnet $IP 110
Trying 192.168.198.39...
Connected to 192.168.198.39.
Escape character is '^]'.
+OK Dovecot ready.
USER NULL
-ERR Plaintext authentication disallowed on non-secure connections.

N/A

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/payday]
└─$ openssl s_client -connect $IP:995 -crlf -quiet
Connecting to 192.168.198.39
Can't use SSL_get_servername
depth=0 C=XX, ST=There is no such thing outside US, L=Everywhere, O=OCOSA, OU=Office for Complication of Otherwise Simple Affairs, CN=ubuntu01, emailAddress=root@ubuntu01
verify error:num=18:self-signed certificate
verify return:1
depth=0 C=XX, ST=There is no such thing outside US, L=Everywhere, O=OCOSA, OU=Office for Complication of Otherwise Simple Affairs, CN=ubuntu01, emailAddress=root@ubuntu01
verify error:num=10:certificate has expired
notAfter=May 25 02:02:48 2008 GMT
verify return:1
depth=0 C=XX, ST=There is no such thing outside US, L=Everywhere, O=OCOSA, OU=Office for Complication of Otherwise Simple Affairs, CN=ubuntu01, emailAddress=root@ubuntu01
notAfter=May 25 02:02:48 2008 GMT
verify return:1
+OK Dovecot ready.
USER NULL
+OK
PASS NULL
-ERR Authentication failed.
 
USER root
+OK
PASS root
-ERR Authentication failed.

The POP3S server on the target port 995 accepts CLEARTEXT authentication. However, no valid credential is known at this time.
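The capability lines in the Nmap scan already predict both login results: port 110 lists STLS but no USER and no SASL mechanism, while port 995 lists USER and SASL(PLAIN). The script below is an added example, not part of the original notes; it parses those lines and reports, per listener, whether plaintext login is only reachable inside TLS. The function names and verdict strings are assumptions made for this example.

```python
import re

# Constructed sample: the port and pop3-capabilities lines from the scan above.
NMAP_OUTPUT = """\
110/tcp open  pop3     Dovecot pop3d
|_pop3-capabilities: SASL RESP-CODES UIDL STLS PIPELINING TOP CAPA
995/tcp open  ssl/pop3 Dovecot pop3d
|_pop3-capabilities: SASL(PLAIN) RESP-CODES UIDL TOP PIPELINING USER CAPA
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)")
CAPA_RE = re.compile(r"pop3-capabilities:\s*(.*)$")
TOKEN_RE = re.compile(r"([^\s(]+)(?:\(([^)]*)\))?")  # NAME or NAME(arg arg ...)


def parse_pop3_capabilities(text):
    """Return {port: {"tls": bool, "caps": set, "sasl": list}} from Nmap output."""
    result, port = {}, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port = int(m.group(1))
            result[port] = {"tls": m.group(2).startswith("ssl/"), "caps": set(), "sasl": []}
            continue
        m = CAPA_RE.search(line)
        if not m or port is None:
            continue
        for name, args in TOKEN_RE.findall(m.group(1)):
            result[port]["caps"].add(name)
            if name == "SASL":
                result[port]["sasl"] = args.split()  # empty list when no mechanism is listed
    return result


def assess(info):
    """Classify how a listener exposes plaintext logins (USER/PASS, SASL PLAIN/LOGIN)."""
    plaintext = "USER" in info["caps"] or bool({"PLAIN", "LOGIN"} & set(info["sasl"]))
    if plaintext and not info["tls"]:
        return "plaintext login offered without TLS"
    if plaintext:
        return "plaintext login offered inside TLS"
    if "STLS" in info["caps"]:
        return "plaintext login withheld until STLS"
    return "no plaintext login advertised"


if __name__ == "__main__":
    for port, info in sorted(parse_pop3_capabilities(NMAP_OUTPUT).items()):
        print(port, assess(info))
```

Only the first verdict, plaintext login offered without TLS, describes credentials crossing the network unencrypted; the expired self-signed certificate shown by openssl on port 995 is a separate issue that this check does not cover.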