# Default GET API

We first unpack the APK and find a java file with a list of API calls and one with a token and API endpoint. We are now able to connect to that endpoint using the link and the auth header.

We get this


and this


My first instinct once I got to Postman to test the APIs was, well... scan for default APIs that may not be in the API service file. Use a default GET api on /users and get the list of all available users. And it kinda worked :)

Getting list of users


I noticed at this point that after the fourth user Orion, it's other hackers trying SQL injections and other cheeky methods. So all I had to do was try out the GET /notes of the first four users using their UUID. We get the flag in Gemini Coley.


Always test basic endpoints before diving into complex solution :)