This lab's two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the user's 2FA verification code. To solve the lab, access Carlos's account page.
Your credentials: wiener:peter
Victim's credentials carlos:montoya
After logging in as weiner, log out and login as carlos.
when you reach the 2fa page, change the url to my-account?id=carlos
