🧠 Info

This lab is vulnerable due to a logic flaw in its brute-force protection mechanism.

🎯 Goal

Brute-force Carlos's password and access his account page.

• 👤 Victim's Username: carlos
• 🔑 Candidate Passwords: (Assumed to be provided separately or from a wordlist)

🧩 Lab Strategy (Step-by-Step)

✅ We already know the username → carlos

🎯 Our goal is to discover the correct password

🧪 Step-by-Step Walkthrough:

🚶 Step 1: Initial Testing

1. Open the lab
2. Try logging in with fake credentials:
   • Username → carlos
   • Password → 12345
3. 📤 Send the request to Repeater
4. 🔁 Try multiple login attempts with different passwords

⛔ After 3 Attempts: