After connecting to the SSH machine and inspecting the filesystem some interesting directories cames out in /var/cache/man/. After listed them all it seems that they contains huge amounts of files with random name. Listing them using the –color option we found out in /var/cache/man/cap5 that there is an executable SUID bitted.  Executing it turns out that its the tcpdump executable. Running it a lot of garbage packets comes out. Just filter them using “not port 22” and printing also the data of each packet:

/var/cache/man/cap5/a35c4b1e-c4bd-4599-9d7a-da601996862f -XX not port 22

Now just wait a bit and the flag should appear:  6470e394cbf6dab6a91682cc8585059b

Razor4x