This challenge was rather simple. We were given a tcpdump capture file containing many different HTTP requests. A few of them were directed to, including a GET request for “myfile”.

After extracting the file, it turned out to be another pcap file containing some packets that were too long, which made it impossible to open with Wireshark or tcpdump. Fortunately, there are existing tools that automatically fix capture files; we used the online version of pcapfix (
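
An added example, not part of the original write-up and not pcapfix's code: a minimal Python repair pass for classic little-endian pcap files. It assumes the "too long packets" are records whose length field exceeds the snap length or the remaining file size; the function names and the sample capture are constructed for illustration.

```python
import struct

MAGIC_LE = 0xA1B2C3D4          # classic pcap, little-endian, microsecond timestamps
GLOBAL_HDR, REC_HDR = "<IHHiIII", "<IIII"   # 24-byte file header, 16-byte record header

def build_sample(corrupt=True):
    """Constructed capture: three 60-byte records; record 2 may claim a bogus length."""
    out = struct.pack(GLOBAL_HDR, MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for ts, fill in ((1, b"A"), (2, b"B"), (3, b"C")):
        claimed = 0x7FFFFFFF if (corrupt and ts == 2) else 60
        out += struct.pack(REC_HDR, ts, 0, claimed, claimed) + fill * 60
    return out

def plausible(data, off, snaplen, prev_ts):
    """Heuristic: does a sane record header start at this offset?"""
    if off + 16 > len(data):
        return False
    ts, us, incl, orig = struct.unpack_from(REC_HDR, data, off)
    return (us < 1_000_000 and 0 < incl <= min(orig, snaplen)
            and off + 16 + incl <= len(data) and 0 <= ts - prev_ts < 86400)

def repair(data):
    """Return (repaired_bytes, fixes); fixes = [(offset, claimed_len, real_len)]."""
    magic, *_, snaplen, _linktype = struct.unpack_from(GLOBAL_HDR, data, 0)
    if magic != MAGIC_LE:
        raise ValueError("not a little-endian classic pcap file")
    out, fixes, off = bytearray(data[:24]), [], 24
    while off + 16 <= len(data):
        ts, us, incl, orig = struct.unpack_from(REC_HDR, data, off)
        body = off + 16
        if incl > snaplen or body + incl > len(data):
            # Length field is not credible: resync on the next plausible header.
            nxt = next((p for p in range(body, len(data))
                        if plausible(data, p, snaplen, ts)), len(data))
            fixes.append((off, incl, nxt - body))
            incl = orig = nxt - body
        out += struct.pack(REC_HDR, ts, us, incl, orig) + data[body:body + incl]
        off = body + incl
    return bytes(out), fixes

if __name__ == "__main__":
    fixed, report = repair(build_sample())
    for off, claimed, real in report:
        print(f"record at offset {off}: claimed {claimed} bytes, kept {real}")
```

The resync is a heuristic: payload bytes that happen to look like a record header can fool it, so check the repaired capture in Wireshark before relying on it.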

A quick look showed that there was a lot of communication with a printer going on, including TCP streams transferring PostScript files. So, easy going: we just extracted all PostScript files from their TCP streams and looked at them. They all contained text created with figlet ( More specifically, the visible contents of the printed files were:

  • 1234567890

  • Do you know about figlet? FIGlet is a program for making large letters out of ordinary text.

  • ASIS_54ca36b2e3e49fc30e566c1de0589f38

And yes, that’s the flag!