From ecc89a29733ff586d0dbfbc79f2fd9caf00ae202 Mon Sep 17 00:00:00 2001
From: Maxime Vorwerk <Maxime Vorwerk>
Date: Mon, 24 Jun 2024 13:04:23 +0200
Subject: [PATCH] PW crack 3

---
 pw_crack_3/level3.flag.txt.enc |  2 ++
 pw_crack_3/level3.hash.bin     |  1 +
 pw_crack_3/level3.py           | 46 ++++++++++++++++++++++++++++++++++
 3 files changed, 49 insertions(+)
 create mode 100755 pw_crack_3/level3.flag.txt.enc
 create mode 100755 pw_crack_3/level3.hash.bin
 create mode 100755 pw_crack_3/level3.py
diff --git a/pw_crack_3/level3.flag.txt.enc b/pw_crack_3/level3.flag.txt.enc
new file mode 100755
index 0000000..ebbeb00
--- /dev/null
+++ b/pw_crack_3/level3.flag.txt.enc
@@ -0,0 +1,2 @@
+B[ZZqfN_]mTU\U[UmS
+XTD
\ No newline at end of file
diff --git a/pw_crack_3/level3.hash.bin b/pw_crack_3/level3.hash.bin
new file mode 100755
index 0000000..795faf3
--- /dev/null
+++ b/pw_crack_3/level3.hash.bin
@@ -0,0 +1 @@
+m`я›TA45ґЇТ&
\ No newline at end of file
diff --git a/pw_crack_3/level3.py b/pw_crack_3/level3.py
new file mode 100755
index 0000000..6603bb3
--- /dev/null
+++ b/pw_crack_3/level3.py
@@ -0,0 +1,46 @@
+#!/home/maxime/.pyvenv/bin/python3
+import hashlib
+
+### THIS FUNCTION WILL NOT HELP YOU FIND THE FLAG --LT ########################
+def str_xor(secret, key):
+    #extend key to secret length
+    new_key = key
+    i = 0
+    while len(new_key) < len(secret):
+        new_key = new_key + key[i]
+        i = (i + 1) % len(key)        
+    return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
+###############################################################################
+
+flag_enc = open('level3.flag.txt.enc', 'rb').read()
+correct_pw_hash = open('level3.hash.bin', 'rb').read()
+
+
+def hash_pw(pw_str):
+    pw_bytes = bytearray()
+    pw_bytes.extend(pw_str.encode())
+    m = hashlib.md5()
+    m.update(pw_bytes)
+    return m.digest()
+
+
+def level_3_pw_check():
+    user_pw = input("Please enter correct password for flag: ")
+    user_pw_hash = hash_pw(user_pw)
+    
+    if( user_pw_hash == correct_pw_hash ):
+        print("Welcome back... your flag, user:")
+        decryption = str_xor(flag_enc.decode(), user_pw)
+        print(decryption)
+        return
+    print("That password is incorrect")
+
+
+
+level_3_pw_check()
+
+
+# The strings below are 7 possibilities for the correct password. 
+#   (Only 1 is correct)
+pos_pw_list = ["8799", "d3ab", "1ea2", "acaf", "2295", "a9de", "6f3d"]
+
