
This is a .pcapng file. We’ll need to open in in Wireshark.
- Wireshark is installed on Kali.
With the .pcapng file open, choose:

If you sort by hostname, you’ll see each file that was sent from web.icsi.cyber at the bottom.
- We want to select
protected.zip and Save

If we try to unzip the file, you’ll see we need to know the password.

Use zip2john to convert it to a format we can crack with John the Ripper
zip2john protected.zip > crackme.hash

Then run john
john crackme.hash

Now that we know the password we can unzip.
