This writeup is about the 2FA simple bypass in PortSwigger lab. I will be adding about other lab in future. So lets begin.

So lets observe the instructions.

So as per the instruction we as an attacker have already obtained the valid username and password of the victim. Now we have to access the victim’s account page without knowing the 2FA code that would be otherwise sent to the victim’s email. Okay. Lets access the lab.

  1. We will login to our own account with username as wiener and password as peter first.

2. We will now be asked to enter the code that would be sent to our email.

3. Lets open the email client.

Our code is 0976. lets enter it.

Ok we are in our own account.

lets observe the url there. At the end of url we can notice /my-account.

4. Now lets login using victim credential

We are asked to enter the 2FA code that victim would get in his email.

Observe the URL. Lets try to by-pass this 2fa authentication by interacting with the url. Lets replace /login2 with /my-account.

Yes. By this way, we were successfully able to bypass the 2fa authentication upon having the credentials of the victim.

Congratulations, the lab is solved. We successfully got access to the victim account.

If you want to connect on Facebook→ UJJWAL GAUTAM :)