We went to the /my-account directory and entered a username named hi and sent the request with the password as pass and got the Invalid Username reply :
We sent the request to Burp Intruder and brute-forced the username and password. First We checked for different responses by brute-forcing the username parameter : 
We were able to see that the username pi had a different length is response :
We then used pi as our username and attacked the password parameter and found that the 1234567 had a different length :
We were able to login using the credentials pi:1234567 and solve the lab :
