Open only part1.rar ; the extraction software will automatically pull data from the other parts to reconstruct the full directory.

Look for the secret_key in the configuration files found in the archive.

In the "WEB18" series of this CTF, the challenge often involves or Python/Flask backend vulnerabilities.