top | item 37475594

(no title)

xzel | 2 years ago

I learned how to program by writing auto buyers, bots that would buy specific items that had a higher value on the secondary market, for Neopets. I believe the farther I went was deobfuscating the API they used issuing points for their games and making fake game players. I was part of a bunch of Neopets automation forums where people would bot and then RMT (real money trading) gold and other items. Neopets basically had 0 security and would really only ban people when their checkout speed sub 1 second. Everything I wrote was in VB6 and then eventually VB .Net basically killed the scene I was in since the initial .net roll out was so poor, as well as people growing up. Hadn't thought about this in forever. Thanks Neopets!

discuss

spondylosaurus|2 years ago

You might be amused to know that Neopets still has dismal security 20 years later. Autobuyers are alive and well, to the point that the entire virtual economy is shaped around a handful of exorbitantly wealthy users who snipe and hoard valuable items.

There's also at least one grey hat (reddit user u/neo_truths) who's been able to get into Neopets' databases and expose how broken the site is and how much cheating runs rampant... real interesting stuff.

EDIT: Here's a fun example. Ancient bug where items above a certain rarity level weren't available in NPC shops, despite Neopets' staff insisting that they were... turns out r100s were in fact buyable, but not visible, so the only way to snag one was to figure out the exact URL for the item as it was generated.

https://www.reddit.com/r/neopets/comments/npzffe/restocking_...

https://www.reddit.com/r/neopets/comments/nu4k5o/r100_restoc...

herpdyderp|2 years ago

I got into web dev because they didn’t sanitize your bio. You could stick whatever HTML in there you wanted! (Maybe they stripped out script tags at least, I don’t remember.)

Edit: looks like others in this post had similar experiences :)

bennyg|2 years ago

I have the exact same experience. I got “reputation” by creating a daily do-welled that would collect np by automating all of the daily tasks. That let me into the private bb forum channels that had the auto buyers, captcha solvers, etc. I look back on those memories fondly - I must have been 10-11 years old then and was amazed at the skill disparity for the auto buying programs - constantly had the rarest stamps. I’m pretty sure all of my accounts were banned, including coveted short nicks like “bg”.

weird-eye-issue|2 years ago

A few years ago I randomly had the idea to spend a few hours to see if I could find any vulnerabilities in Neopets

It was a bit nostalgic for me since I originally learned HTML/CSS from Neopets over a decade back

Within 30 minutes I discovered you could create any Neopet, including the limited edition ones like Jetsam, just by setting that name in the API call

Daegalus|2 years ago

I did something similar. I would write bots to play the games, then eventually figured out I could just hit the apis that would give me items and gold. Eventually, I had a lot of rare stuff and so on. I kind of wish I could still log into that account. But I doubt I would remember the username, email, or anything else.

jaimex2|2 years ago

I got into hacking/pen testing by hex editing the Flash games and disabling hit colliders.