
PortSwigger - Authentication - Lab 9
Lab 9 - Brute-forcing a stay-logged-in cookie Lab Objective: This lab allows users to stay logged in even after they close their browser session. The cookie used to provide this functionality i...
Lab 8 - 2FA broken logic Lab Objective: This lab’s two-factor authentication is vulnerable due to its flawed logic. To solve the lab, access Carlos’s account page Your credentials: wiener:pet...
Lab 7 - Authentication - Username enumeration via account lock Lab Objective: This lab is vulnerable to username enumeration. It uses account locking, but this contains a logic flaw. To solve t...
Lab 6 - Authentication - Broken brute-force protection, IP block Lab Objective: This lab is vulnerable due to a logic flaw in its password brute-force protection. To solve the lab, brute-force ...
Lab 5 - Authentication - Username enumeration via Response timing Lab Objective: This lab is vulnerable to username enumeration using its response times. To solve the lab, enumerate a valid use...
Lab 4 - Authentication - Username enumeration via subtly different responses Lab Objective: This lab is subtly vulnerable to username enumeration and password brute-force attacks. It has an acc...
Lab 3 - Authentication - Password reset broken logic Lab Objective: This lab’s password reset functionality is vulnerable. To solve the lab, reset Carlos’s password then log in and access his “...
Lab 2 - Authentication - 2FA bypass Lab Objective: This lab’s two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the u...
Lab 1 - Authentication - Username enumeration via different responses Lab Objective: This lab is vulnerable to username enumeration and password brute-force attacks. To solve the lab, enumerate...
Lab 1 - Username and password enumeration: Basic brute-force attack. Use Intruder to enumerate the username until we find an error message indicating that the password is incorrect. Once we’ve identif...