Juno

Nmap Scan Result

Used gobuster to bruteforce directory and found a login page requesting pin for Authentication, at the bottom of the page was a link to download an android apk file.

I downloaded the app did manual emuneration but didn't find anything, then I decided to to search online for more helpful APK tools and found MOBSF. I was dazzled to say the least😊

https://github.com/MobSF/Mobile-Security-Framework-MobSF

After enumerating the elements for a while I found three different potential PINS and one of them worked.

On the login page. I found a flag and another encoded flag which was decoded using https://www.dcode.fr/ ASCII shift decoder