Title address: https://buuoj.cn/challenges#%E7%A7%98%E5%AF%86%E6%96%87%E4%BB%B6
This question is exactly the same as BUUCTF: The stolen files
First filter ftp
the traffic package
Trace flow
Found that a rar
file was transferred , use foremost
separation
Try ARCHPR
four-digit mask blasting
Password: 1903
unzip to get flag
flag{
d72e5a671aa50fa5f400e5d10eedeaa5}