Lab 1: OTP Brute Force

Goal: break a weak OTP implementation and reach the success state.

Intentional vulnerability: no lockout, no backoff, and no OTP expiry. This allows brute forcing the 4-digit code.

Step 1: Password Login

Use credentials: student / cheese123