Doing this challenge right after Ovaltine made it pretty easy. Once again, we are given a network capture, and must find the flag in it. This time I directly started by exporting the HTTP objects, and looked at what was there:
$cat key.gif <html> <head><title>301 Moved Permanently</title></head> <body bgcolor="white"> <center><h1>301 Moved Permanently</h1></center> <hr><center>nginx</center> </body> </html>
We find that a key.bmp image is hosted on a dropbox, and opening the link in a web browser allow us to download the file. Great, let's look at it now!
Hum, still not it. Let's see what type of file we have now:
$file key.bmp key.bmp: Microsoft Word 2007+
Oh, false alarm that was a bogus lead. Unless...
Yes! The flag was hidden behind the image and we can validate the challenge