Slot Machine Investigation⚓︎
Test the security of Jack Frost's slot machines. What does the Jack Frost Tower casino security team threaten to do when your coin total exceeds 1000? Submit the string in the server data.response element. Talk to Noel Boetie outside Santa's Castle for help.
Snarf. Hrung. Phlthth.
I'm Hubris Selfington.
The big boss told me he's worried about vulnerabilities in his slot machines, especially this one.
Statistically speaking, it seems to be paying out way too much.
He asked me to see if there are any security flaws in it.
The boss has HUGE plans and we've gotta make sure we are running a tight ship here at Frost Tower.
Can you help me find the issue?
I mean, I could TOTALLY do this on my own, but I want to give you a chance first.
It seems they're susceptible to parameter tampering.
As the hints suggest, the slot machines are susceptable to parameter tampering which we can exploit by resending legitimate POST requests with modified values. Open up your web browser's developer tools on the Network tab and press the Spin button in the game to send a POST request containing a
Next, right click the POST request in the Network tab and select Edit and Resend to open up a form which allows you to modify all aspects of the original request, including the URL, request method, request headers, and request body.
Finding the right parameter to tamper with requires a bit of trial and error. Entering a large enough negative value for the
numline parameter will push your credit over 1000 though and result in a threatening
response from the casino security team.
I'm going to have some bouncer trolls bounce you right out of this casino!