🟢2FA simple bypass

This lab's two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the user's 2FA verification code. To solve the lab, access Carlos's account page.

Your credentials: wiener:peter
Victim's credentials carlos:montoya

After logging in as weiner, log out and login as carlos.

when you reach the 2fa page, change the url to my-account?id=carlos

Can now login as carlos

PreviousUsername enumeration via different responses NextPassword reset broken logic

Last updated 2 years ago