First, download the attachment is a file wireshark, and then to go into a separate file foremost below the kali.
You can get the following accessories:
Then search packet byte stream flag.txt
Packet byte stream search 6666.jpg, and track TCP streams, to find the jpg file header (FFD8) and the end of the file (FFD9) and copy
From here to the most FFD8 page below FFD9 is a whole jpg
Winhex with the new file, copy and paste the contents into Ascll Hex format and save, modify suffix .jpg, gained the extracting passwords archive, open the archive to get flag