Broken Authentication Update help with 2FA

Hello.

Y’all updated the Broken Authentication section literally as I was trying to submit my flag, was confusing for a minute, lol.

Anyway, I’m stuck in the skills assessment.

I found the username and password, but when I get to the 2FA part, I’m doing what it shows in the brute forcing 2FA section. I’ve tried a few alternatives, like a 5 digit code, but no dice.

I can’t find if the web app gives the structure of the 2FA code anywhere.

Any help is appreciated. No answers, just a push in the right direction.

Thanks.

Got it.

That was fun.