Web Challenges

You can do this in 2 ways on bruteforcing ull get 3 pages wherin the client name dosent change.
On one of those pages is the flag.
Else u can use the flask vulnarability and get the flag.

 
 
In web 2 nothing is in main page,but source code has something to do with white text.
Using stegsnow tool u will get flag as :

hsCTF{SNOW_SCRAPPER}
 
 
This is a simple rsa using RsaCTFTool u can find ur private key and decrypt the cipher.
 
Flag: hsCTF{M!X7URE_1S_ALW4YS_7AS7Y}
 
 
 
On analysing whole data of images we find 3 images which were mentioned to have flags.  
 
 
The part of flag is on the image.
 
 
Finally the flag is: hsCTF{S7EAGNOGR4PHY_T0OLS_AR3_4LW4YS_US3FU7}