A hint to solve this exercise is that you first have to log in with the user ‘htb-stdnt’ and not log out. Then follow the attack route described in the module.
Hi @Ezi0 ,
Does you complete " Common Session Variables (Account Takeover)"?
You have the recommend how to bypass the 2MFA?
@nn.long
Hi, If you have reached that part you have to apply the same strategy. When you log in with the “admin” credentials you can see that there is now another panel referring to login_2.php whose response indicates something about Login - Phase 2.
As we are talking about Phase 2 we can try to apply the same strategy as above since we can intuit that to access the profile.php endpoint it is necessary that phase 3 is assigned to us, that is to say, that we have to complete step 2 of the register_1.php and register_2.php endpoint.