## TL-DR
We discover the client binary is using ssh, we get the private key out of the binary and get the user also we use ssh keys to do forward port tunneling of the mongodb port from the server to our machine we connect to the db and get the otp of the admin provide it to the website and we get the flag.

read the full writeup at [writeup](https://github.com/team0se7en/CTF-Writeups/tree/master/Cybrics2020/CTB(crack-the-box)/OTP)

Original writeup (https://github.com/team0se7en/CTF-Writeups/tree/master/Cybrics2020/CTB(crack-the-box)/OTP).