In this video, we cover Lab #2 in the Authentication module of the Web Security Academy. This lab's two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the user's 2FA verification code. To solve the lab, we access Carlos's account page.

• Your credentials: wiener:peter
• Victim's credentials carlos:montoya
  

▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬

Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-authentication/lab-02/authentication-lab-02.py

Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-authentication/lab-02/notes.txt

Web Security Academy Lab Exercise: https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-simple-bypass

Rana's Twitter account: https://twitter.com/rana__khalil