🧠 Info

This lab’s two-factor authentication (2FA) is vulnerable due to a logic flaw in how it handles verification.

🎯 Goal

Access Carlos's account page to solve the lab.

• 👤 Your Credentials: wiener:peter
• 🎯 Victim’s Username: carlos
• 📧 You also have access to the email server to receive your own 2FA codes

💡 Hint: Carlos will not attempt to log in himself.

🧪 Step-by-Step Walkthrough

🔧 Part 1 – Normal Login (Baseline)

1. 🔁 Open FoxyProxy
2. 🔐 Login with:wiener : peter
3. 📩 Go to the Email Client and retrieve your 2FA code
4. ✅ Paste the code and log in successfully
5. Open Burp Suite → Proxy > HTTP History
6. 📥 Find the GET /login2 request
7. 📤 Send it to Repeater
8. ✏️ Change the parameter:username=wiener → username=carlos