Dih dat is a morse language on decoding you will get as thepasswordis:hacsecurity123
 

Using stegosuite to decode:
Flag:hsCTF{S7EG_TO0LS_AR3_ALW4YS_H3LPFUL}
 
On fixinf the header ull get the flag as:
 
 

You can do this in 2 ways on bruteforcing ull get 3 pages wherin the client name dosent change.
On one of those pages is the flag.
Else u can use the flask vulnarability and get the flag.

 
 
In web 2 nothing is in main page,but source code has something to do with white text.
Using stegsnow tool u will get flag as :

hsCTF{SNOW_SCRAPPER}
 
 
This is a simple rsa using RsaCTFTool u can find ur private key and decrypt the cipher.
 
Flag: hsCTF{M!X7URE_1S_ALW4YS_7AS7Y}
 
 
 
On analysing whole data of images we find 3 images which were mentioned to have flags.  
 
 
The part of flag is on the image.
 
 
Finally the flag is: hsCTF{S7EAGNOGR4PHY_T0OLS_AR3_4LW4YS_US3FU7}

 
Flag: hsCTF{C0MMUNI7Y_0F_H4CK3RS}
 
Simple-1 has flag printed in it:)
 
 
Decoding this text to following bases gives the flag:(85,64,62,58,32)
:IT5J@ol-%;_Ug4A2?u*;cm$S:Ie;M;/J-E;b&]bA8OeP;,p5-A2@7SA8=#I@;BD"<^]qB=)BX;9kn3,;J\g%<`i7:A6<M?:KV:1=):W79iX#+=trKL;H?+t=tjSP
 
Flag:hsCTF{5UM_0F_AL7_B4S35}
 

 
hsCTF{C0NF!ENTI4L_BU7_LE4K3D}
 

​Forensics Writeups:
 
 
 
The source file link gives us a zip, which can be unlocked using password 1, which is a rot cipher.(password: tiktoktiktok)
Then on unzippping ull get a pcap file,deep analysing would u a link to a easyupload.io which has a zip, password for it is password2: hacsecurity(in question it was xored with 128).
The zip had flag: hsCTF{CAPTUR!NG_P4CKE7S_!S_CR!ME}
 
 
 
 
Downloading the file we get a zip, using john or fcrack we get the password to be memory.
Unzipping we get a pcapng, analysing would give 2 files namely fakeflag,flag.
Reading them would give the flag:hsCTF{CAP7UR!NG_C4N_B3_D0NE_4NYW4YS}
U can do it other ways just by using strings file | grep hsCTF
 
Game changer
 
Reading the source file and selecting the whole text gives a clue that some text is hidden or white text.(snow).
 
 
We are given in hint to use all known passwords, using pass123 on the source.txt we get a statement
Using steghide on image with the obtained password given we get a file.
 
Fixing its header and checking with steghide gives a file.
that has a pastebin link, going to link gives a bacon cipher text further gives another website in which in a .js script we have our flag in JsFuck text.
Decoding the Jsfuck we get our flag:
hsCTF{4LL_!N_0N3}