Abusing HTTP Misconfigurations

Hey! I am really stuck on the common session variables (account takedown) section. There is an MFA token part and I just don’t know what to do. Help me please…

Hey, I’m also stuck on this part. Did you manage to get anywhere?

Just got this one. The trick is that you have to use a combination of logging in with your new admin creds, resetting the password and registering a user to bypass the MFA. Try to think about what data is appended to the cookie as you use each of these functions.

In other words, what does your cookie need to have set to be able to access the profile page? It needs logged-in status plus phase 2 complete to be able to access the profile. Hope this helps…
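The replies above describe the underlying bug class: the application tracks "logged in" and "MFA phase 2 complete" as separate flags that different handlers (login, password reset, registration) set independently, so a session can accumulate both without ever completing MFA for the account it ends up authenticated as. The following is an added, constructed example (not code from the room or from anyone in this thread) that models that weak flag-based session beside a hardened server-side state machine. All names (`FlagApp`, `StateApp`, the fixed demo code `000000`, the `admin`/`hunter2` credentials) are assumptions made for the demonstration.

```python
"""Constructed example: independent MFA flags vs. a single auth state machine."""
from dataclasses import dataclass
from enum import Enum, auto
from typing import Dict, Optional

DEMO_MFA_CODE = "000000"  # constructed: stands in for a real TOTP check


# --- Weak model: each flow appends its own flag and nothing clears the rest ----

@dataclass
class FlagSession:
    user: Optional[str] = None
    logged_in: bool = False
    phase2_done: bool = False   # "MFA complete" bit, settable by several flows


class FlagApp:
    """Handlers only ever add state to the session; they never reset it."""

    def __init__(self, users: Dict[str, str]) -> None:
        self.users = users

    def register(self, s: FlagSession, name: str, pw: str) -> None:
        self.users[name] = pw
        s.user = name
        s.phase2_done = True        # flaw: a fresh account is marked MFA-verified

    def login(self, s: FlagSession, name: str, pw: str) -> bool:
        if self.users.get(name) != pw:
            return False
        s.user = name
        s.logged_in = True          # flaw: a stale phase2_done survives re-login
        return True

    def verify_mfa(self, s: FlagSession, code: str) -> bool:
        if code != DEMO_MFA_CODE:
            return False
        s.phase2_done = True
        return True

    def profile(self, s: FlagSession) -> Optional[str]:
        # The check itself looks right; the problem is who set the flags and when.
        return s.user if (s.logged_in and s.phase2_done) else None


# --- Hardened model: one stage per session, every flow restarts it -------------

class Stage(Enum):
    ANON = auto()
    PASSWORD_OK = auto()        # password accepted, MFA still pending
    AUTHENTICATED = auto()


@dataclass
class StateSession:
    user: Optional[str] = None
    stage: Stage = Stage.ANON


class StateApp:
    """MFA completion is only reachable from PASSWORD_OK for the same login."""

    def __init__(self, users: Dict[str, str]) -> None:
        self.users = users

    def register(self, s: StateSession, name: str, pw: str) -> None:
        self.users[name] = pw
        s.user, s.stage = None, Stage.ANON      # registering grants nothing

    def login(self, s: StateSession, name: str, pw: str) -> bool:
        if self.users.get(name) != pw:
            s.user, s.stage = None, Stage.ANON
            return False
        s.user, s.stage = name, Stage.PASSWORD_OK  # every login restarts MFA
        return True

    def verify_mfa(self, s: StateSession, code: str) -> bool:
        if s.stage is not Stage.PASSWORD_OK or code != DEMO_MFA_CODE:
            return False
        s.stage = Stage.AUTHENTICATED
        return True

    def profile(self, s: StateSession) -> Optional[str]:
        return s.user if s.stage is Stage.AUTHENTICATED else None


# --- Scenario: register a throwaway user, then log in as admin without MFA ------

def flag_model_profile() -> Optional[str]:
    app, s = FlagApp({"admin": "hunter2"}), FlagSession()
    app.register(s, "throwaway", "pw")
    app.login(s, "admin", "hunter2")
    return app.profile(s)            # "admin": MFA never ran for this login


def state_model_profile() -> Optional[str]:
    app, s = StateApp({"admin": "hunter2"}), StateSession()
    app.register(s, "throwaway", "pw")
    app.login(s, "admin", "hunter2")
    return app.profile(s)            # None: session is still at PASSWORD_OK


def state_model_profile_with_mfa() -> Optional[str]:
    app, s = StateApp({"admin": "hunter2"}), StateSession()
    app.login(s, "admin", "hunter2")
    app.verify_mfa(s, DEMO_MFA_CODE)
    return app.profile(s)            # "admin": the only path to the profile
```

The defensive takeaway is the shape of `StateApp`: authentication progress is a single stage stored server-side, every identity-changing flow (register, reset, a second login) resets it, and the MFA step is only accepted from the stage immediately before it. Detection-wise, a session that reaches the profile endpoint without a preceding successful MFA verification for the same user and login is exactly the event worth alerting on.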