When we open the pcap, we're a bit overwhelmed by the size of the file and the number of packets.
I just searched for `flag` until I came to a zip file (recognized the magic bytes, `PK..`). We can simply extract this by:
Right click -> Follow -> TCP Stream or Ctrl + Alt + Shift + T, and then select Show and save data as -> Save as ->
When we now open the zip file, we see that it requires a password.
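The same extraction can be scripted when the saved stream still carries protocol bytes around the archive. The following is an added example, not part of the original writeup: it carves the ZIP out of a raw stream dump by its `PK` signatures and reports whether each member is encrypted. It assumes the stream contains a single archive; the sample stream and the function names are constructed for illustration.

```python
import io
import struct
import zipfile

LOCAL_HEADER = b"PK\x03\x04"  # signature of the first local file header
EOCD = b"PK\x05\x06"          # signature of the end-of-central-directory record
EOCD_FIXED_LEN = 22           # fixed part of the EOCD record, before the comment


def carve_zip(stream: bytes) -> bytes:
    """Return the first ZIP archive embedded in a raw stream dump."""
    start = stream.find(LOCAL_HEADER)
    if start < 0:
        raise ValueError("no ZIP local file header found")
    # Assumption: one archive per stream, so the last EOCD record closes it.
    eocd = stream.rfind(EOCD)
    if eocd < start or eocd + EOCD_FIXED_LEN > len(stream):
        raise ValueError("end-of-central-directory record missing or truncated")
    # The last EOCD field is the length of the optional archive comment.
    (comment_len,) = struct.unpack_from("<H", stream, eocd + 20)
    return stream[start:eocd + EOCD_FIXED_LEN + comment_len]


def list_entries(archive: bytes) -> list[tuple[str, bool]]:
    """Return (name, is_encrypted) per member; flag bit 0 marks encryption."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [(info.filename, bool(info.flag_bits & 0x1)) for info in zf.infolist()]


def build_sample_stream() -> bytes:
    """Constructed sample: an HTTP-like response wrapping a small ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "constructed sample content")
    return b"HTTP/1.1 200 OK\r\n\r\n" + buf.getvalue() + b"\r\ntrailing data"


if __name__ == "__main__":
    carved = carve_zip(build_sample_stream())
    for name, encrypted in list_entries(carved):
        print(name, "encrypted" if encrypted else "not encrypted")
```

An archive like the one in this challenge would show its members as encrypted, which is the point at which the password is needed.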
When we simply search for `password`, we find `dgyfogfoewyeowyefowouevftowyefg`, which is our password.
Using the password, we can read the flag: