🔐 Info Lab – Logic Flaw in Password Brute-force Protection

This lab is vulnerable due to a logic flaw in its password brute-force protection mechanism.

🎯 Goal

To solve the lab:

1. Brute-force the victim's password
2. Log in as the victim
3. Access their account page

🧾 Credentials

• 👤 Your account: wiener : peter
• 🎯 Target account: carlos
• 🧰 Candidate passwords

🧠 Lab Concept

This lab is easy once you understand the main idea:

1. 🔓 First, log in with your own credentials:
   • username: wiener
   • password: peter
2. 🎯 The goal is to log in as carlos, but we don't have his password.
3. 😵 If we brute-force directly, we'll get rate limited / blocked.