I got this one done a couple of ways. I tried tcpxtract but got a segmentation fault before the zip files were recovered, so I didn't pursue that at all. Instead, I went back to manual analysis and extraction. There was a lot of noise in the file other than the few packets of interest. I started by loading the pcap up in wireshark and searching for 'pass' in the packet data and came up with a couple, both of them POST requests with "split-file/pass" in the body. That led me to set a filter to only show POST requests. There were 8 of them, four with part of a media file and another 4 with Line-based text data. The following shows one of the media file packets with the media portion highlighted. The first way I solved the challenge was to notice the string in this packet, unlike any of the other packets, and try using it. That worked, but it isn't very elegant.
Back to reviewing the pcap file and looking at the Line-based text data, I noticed that each of them had "name" data starting with "xa" and ending in a, b, c, and d.
I already knew it was a multi-part file from the "split-file/" hint in the media files. These bits of "name" data give the order to reassemble the file. So, in the first pcap screen capture above, the media is highlighted. All I need to do is press <ctrl>h to save that data as binary in a file. I named it part182 based on the packet number, but it would have been easier to call it "xaa" so I didn't have to take notes. Did the same to the others, catted the files together, unzipped them and retrieved the password.