This is a .pcapng file. We’ll need to open in in Wireshark.

• Wireshark is installed on Kali.

With the .pcapng file open, choose:

• File
  • Export Objects
    • HTTP

If you sort by hostname, you’ll see each file that was sent from web.icsi.cyber at the bottom.

• We want to select protected.zip and Save

If we try to unzip the file, you’ll see we need to know the password.

Use zip2john to convert it to a format we can crack with John the Ripper

zip2john protected.zip > crackme.hash

Then run john

john crackme.hash

Now that we know the password we can unzip.