Microsoft(R) Windows NT(TM) (C) Copyright 1985-1996 Microsoft Corp. C:\Program Files\Common Files\system\msadc>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\Program Files\Common Files\system\msadc 02/04/01 07:04a . 02/04/01 07:04a .. 09/25/97 07:41a 596 adcjavas.inc 09/25/97 07:41a 589 adcvbs.inc 04/30/97 11:00p 208,144 cmd1.exe 09/25/97 08:28a 172,816 msadce.dll 09/25/97 08:16a 5,632 msadcer.dll 09/25/97 08:24a 23,312 msadcf.dll 09/25/97 08:24a 91,408 msadco.dll 09/25/97 08:19a 5,120 msadcor.dll 09/26/97 08:19a 42,256 msadcs.dll 02/04/01 06:41a 59,392 nc.exe 10/02/97 07:28a 19,388 readme.txt 13 File(s) 628,653 bytes 1,690,259,968 bytes free C:\Program Files\Common Files\system\msadc> C:\Program Files\Common Files\system\msadc>net session net session System error 5 has occurred. Access is denied. C:\Program Files\Common Files\system\msadc> C:\Program Files\Common Files\system\msadc>cd\ cd\ C:\> C:\>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\ 11/26/00 12:34p 0 AUTOEXEC.BAT 11/26/00 06:57p 322 boot.ini 11/26/00 12:34p 0 CONFIG.SYS 12/26/00 07:36p exploits 02/04/01 07:07a 5,327 har.txt 12/07/00 03:30p InetPub 12/07/00 03:12p Multimedia Files 12/26/00 07:10p New Folder 01/26/01 02:10p 78,643,200 pagefile.sys 12/21/00 08:59p Program Files 02/04/01 06:49a 69 README.NOW.Hax0r 12/21/00 08:59p TEMP 02/04/01 07:08a WINNT 12/26/00 07:09p wiretrip 02/04/01 06:43a 0 yay.txt 15 File(s) 78,648,918 bytes 1,690,259,968 bytes free C:\> C:\>del yay.txt del yay.txt C:\yay.txt The process cannot access the file because it is being used by another process. C:\> C:\>cd wiretrip dicd wiretrip C:\wiretrip> C:\wiretrip>r dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\wiretrip 12/26/00 07:09p . 12/26/00 07:09p .. 12/26/00 07:04p 15,501 msadc1.pl 12/26/00 07:04p 17,865 msadc2.pl 12/26/00 07:04p 4,425 RFParalyze.c 12/26/00 07:04p 2,269 RFPickaxe.pl 12/26/00 07:05p 7,393 RFPoison.c 12/26/00 07:04p 12,450 RFPoison.zip 12/26/00 07:04p 1,792 RFProwl.c 12/26/00 07:06p 170,372 whisker.tar.gz 12/26/00 07:06p 173,427 whisker.zip 12/26/00 07:05p 25,229 whiskerids.html 12 File(s) 430,723 bytes 1,690,259,968 bytes free C:\wiretrip> C:\wiretrip>cd .. cd .. d C:\> C:\>ir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\ 11/26/00 12:34p 0 AUTOEXEC.BAT 11/26/00 06:57p 322 boot.ini 11/26/00 12:34p 0 CONFIG.SYS 12/26/00 07:36p exploits 02/04/01 07:07a 5,327 har.txt 12/07/00 03:30p InetPub 12/07/00 03:12p Multimedia Files 12/26/00 07:10p New Folder 01/26/01 02:10p 78,643,200 pagefile.sys 12/21/00 08:59p Program Files 02/04/01 06:49a 69 README.NOW.Hax0r 12/21/00 08:59p TEMP 02/04/01 07:08a WINNT 12/26/00 07:09p wiretrip 02/04/01 06:43a 0 yay.txt 15 File(s) 78,648,918 bytes 1,690,259,968 bytes free C:\> C:\>cdinetpub cdinetpub The name specified is not recognized as an internal or external command, operable program or batch file. C:\> C:\>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\ 11/26/00 12:34p 0 AUTOEXEC.BAT 11/26/00 06:57p 322 boot.ini 11/26/00 12:34p 0 CONFIG.SYS 12/26/00 07:36p exploits 02/04/01 07:07a 5,327 har.txt 12/07/00 03:30p InetPub 12/07/00 03:12p Multimedia Files 12/26/00 07:10p New Folder 01/26/01 02:10p 78,643,200 pagefile.sys 12/21/00 08:59p Program Files 02/04/01 06:49a 69 README.NOW.Hax0r 12/21/00 08:59p TEMP 02/04/01 07:08a WINNT 12/26/00 07:09p wiretrip 02/04/01 06:43a 0 yay.txt 15 File(s) 78,648,918 bytes 1,690,259,968 bytes free C:\> C:\>cd .. cd .. C:\> C:\>cd new folder dcd new folder C:\New Folder> C:\New Folder>ir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\New Folder 12/26/00 07:10p . 12/26/00 07:10p .. 2 File(s) 0 bytes 1,690,259,968 bytes free C:\New Folder> C:\New Folder>cd .. cd .. C:\> C:\>cd inetpub cd inetpub C:\InetPub> C:\InetPub>dir ub dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub 12/07/00 03:30p . 12/07/00 03:30p .. 11/26/00 12:40p ftproot 11/26/00 12:40p gophroot 12/07/00 03:31p iissamples 11/26/00 12:40p scripts 12/15/00 08:56p wwwroot 7 File(s) 0 bytes 1,690,259,968 bytes free C:\InetPub> C:\InetPub>cd wwwroot dcd wwwroot C:\InetPub\wwwroot> C:\InetPub\wwwroot>ir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub\wwwroot 12/15/00 08:56p . 12/15/00 08:56p .. 12/07/00 03:37p cgi-bin 12/07/00 03:37p 4,663 default.asp 12/15/00 10:26p 1,233 default.htm 12/07/00 03:37p 4,325 default.htm.org 12/15/00 09:15p guest 12/07/00 03:37p images 12/15/00 06:36p 709 lrfpbot.gif 12/15/00 07:05p 673 lrfptop.gif 12/15/00 06:36p 1,422 nmrc.gif 12/07/00 03:37p 2,504 postinfo.html 12/15/00 06:36p 968 rfp.gif 12/15/00 06:36p 8,606 rfpback.gif 12/15/00 06:36p 8,606 rfpback1.gif 11/26/00 12:40p samples 12/15/00 06:36p 1,624 sf.gif 12/15/00 06:36p 756 technotronic.gif 12/15/00 06:36p 2,526 void.gif 12/15/00 06:36p 1,213 whisker.gif 12/15/00 06:36p 1,161 win2k.gif 12/07/00 03:37p _private 12/07/00 03:37p 1,759 _vti_inf.html 23 File(s) 42,748 bytes 1,690,259,968 bytes free C:\InetPub\wwwroot> C:\InetPub\wwwroot>copy c:\har.txt copy c:\har.txt 1 file(s) copied. C:\InetPub\wwwroot> C:\InetPub\wwwroot>del hatr.txt del hatr.txt The filename, directory name, or volume label syntax is incorrect. C:\InetPub\wwwroot> C:\InetPub\wwwroot>del har.txt del har.txt C:\InetPub\wwwroot> C:\InetPub\wwwroot>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub\wwwroot 02/04/01 07:11a . 02/04/01 07:11a .. 12/07/00 03:37p cgi-bin 12/07/00 03:37p 4,663 default.asp 12/15/00 10:26p 1,233 default.htm 12/07/00 03:37p 4,325 default.htm.org 12/15/00 09:15p guest 02/04/01 07:07a 5,327 har.txt 12/07/00 03:37p images 12/15/00 06:36p 709 lrfpbot.gif 12/15/00 07:05p 673 lrfptop.gif 12/15/00 06:36p 1,422 nmrc.gif 12/07/00 03:37p 2,504 postinfo.html 12/15/00 06:36p 968 rfp.gif 12/15/00 06:36p 8,606 rfpback.gif 12/15/00 06:36p 8,606 rfpback1.gif 11/26/00 12:40p samples 12/15/00 06:36p 1,624 sf.gif 12/15/00 06:36p 756 technotronic.gif 12/15/00 06:36p 2,526 void.gif 12/15/00 06:36p 1,213 whisker.gif 12/15/00 06:36p 1,161 win2k.gif 12/07/00 03:37p _private 12/07/00 03:37p 1,759 _vti_inf.html 24 File(s) 48,075 bytes 1,690,254,336 bytes free C:\InetPub\wwwroot> C:\InetPub\wwwroot>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub\wwwroot 02/04/01 07:11a . 02/04/01 07:11a .. 12/07/00 03:37p cgi-bin 12/07/00 03:37p 4,663 default.asp 12/15/00 10:26p 1,233 default.htm 12/07/00 03:37p 4,325 default.htm.org 12/15/00 09:15p guest 02/04/01 07:07a 5,327 har.txt 12/07/00 03:37p images 12/15/00 06:36p 709 lrfpbot.gif 12/15/00 07:05p 673 lrfptop.gif 12/15/00 06:36p 1,422 nmrc.gif 12/07/00 03:37p 2,504 postinfo.html 12/15/00 06:36p 968 rfp.gif 12/15/00 06:36p 8,606 rfpback.gif 12/15/00 06:36p 8,606 rfpback1.gif 11/26/00 12:40p samples 12/15/00 06:36p 1,624 sf.gif 12/15/00 06:36p 756 technotronic.gif 12/15/00 06:36p 2,526 void.gif 12/15/00 06:36p 1,213 whisker.gif 12/15/00 06:36p 1,161 win2k.gif 12/07/00 03:37p _private 12/07/00 03:37p 1,759 _vti_inf.html 24 File(s) 48,075 bytes 1,690,254,336 bytes free C:\InetPub\wwwroot> C:\InetPub\wwwroot>del har.txt ddel har.txt C:\InetPub\wwwroot\har.txt Access is denied. C:\InetPub\wwwroot> C:\InetPub\wwwroot>ir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub\wwwroot 02/04/01 07:11a . 02/04/01 07:11a .. 12/07/00 03:37p cgi-bin 12/07/00 03:37p 4,663 default.asp 12/15/00 10:26p 1,233 default.htm 12/07/00 03:37p 4,325 default.htm.org 12/15/00 09:15p guest 02/04/01 07:07a 5,327 har.txt 12/07/00 03:37p images 12/15/00 06:36p 709 lrfpbot.gif 12/15/00 07:05p 673 lrfptop.gif 12/15/00 06:36p 1,422 nmrc.gif 12/07/00 03:37p 2,504 postinfo.html 12/15/00 06:36p 968 rfp.gif 12/15/00 06:36p 8,606 rfpback.gif 12/15/00 06:36p 8,606 rfpback1.gif 11/26/00 12:40p samples 12/15/00 06:36p 1,624 sf.gif 12/15/00 06:36p 756 technotronic.gif 12/15/00 06:36p 2,526 void.gif 12/15/00 06:36p 1,213 whisker.gif 12/15/00 06:36p 1,161 win2k.gif 12/07/00 03:37p _private 12/07/00 03:37p 1,759 _vti_inf.html 24 File(s) 48,075 bytes 1,690,254,336 bytes free C:\InetPub\wwwroot> C:\InetPub\wwwroot>type type The syntax of the command is incorrect. C:\InetPub\wwwroot> C:\InetPub\wwwroot>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub\wwwroot 02/04/01 07:11a . 02/04/01 07:11a .. 12/07/00 03:37p cgi-bin 12/07/00 03:37p 4,663 default.asp 12/15/00 10:26p 1,233 default.htm 12/07/00 03:37p 4,325 default.htm.org 12/15/00 09:15p guest 02/04/01 07:07a 5,327 har.txt 12/07/00 03:37p images 12/15/00 06:36p 709 lrfpbot.gif 12/15/00 07:05p 673 lrfptop.gif 12/15/00 06:36p 1,422 nmrc.gif 12/07/00 03:37p 2,504 postinfo.html 12/15/00 06:36p 968 rfp.gif 12/15/00 06:36p 8,606 rfpback.gif 12/15/00 06:36p 8,606 rfpback1.gif 11/26/00 12:40p samples 12/15/00 06:36p 1,624 sf.gif 12/15/00 06:36p 756 technotronic.gif 12/15/00 06:36p 2,526 void.gif 12/15/00 06:36p 1,213 whisker.gif 12/15/00 06:36p 1,161 win2k.gif 12/07/00 03:37p _private 12/07/00 03:37p 1,759 _vti_inf.html 24 File(s) 48,075 bytes 1,690,254,336 bytes free C:\InetPub\wwwroot> C:\InetPub\wwwroot>del har.txt del har.txt C:\InetPub\wwwroot\har.txt Access is denied. C:\InetPub\wwwroot> C:\InetPub\wwwroot>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub\wwwroot 02/04/01 07:11a . 02/04/01 07:11a .. 12/07/00 03:37p cgi-bin 12/07/00 03:37p 4,663 default.asp 12/15/00 10:26p 1,233 default.htm 12/07/00 03:37p 4,325 default.htm.org 12/15/00 09:15p guest 02/04/01 07:07a 5,327 har.txt 12/07/00 03:37p images 12/15/00 06:36p 709 lrfpbot.gif 12/15/00 07:05p 673 lrfptop.gif 12/15/00 06:36p 1,422 nmrc.gif 12/07/00 03:37p 2,504 postinfo.html 12/15/00 06:36p 968 rfp.gif 12/15/00 06:36p 8,606 rfpback.gif 12/15/00 06:36p 8,606 rfpback1.gif 11/26/00 12:40p samples 12/15/00 06:36p 1,624 sf.gif 12/15/00 06:36p 756 technotronic.gif 12/15/00 06:36p 2,526 void.gif 12/15/00 06:36p 1,213 whisker.gif 12/15/00 06:36p 1,161 win2k.gif 12/07/00 03:37p _private 12/07/00 03:37p 1,759 _vti_inf.html 24 File(s) 48,075 bytes 1,690,254,336 bytes free C:\InetPub\wwwroot> C:\InetPub\wwwroot>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub\wwwroot 02/04/01 07:11a . 02/04/01 07:11a .. 12/07/00 03:37p cgi-bin 12/07/00 03:37p 4,663 default.asp 12/15/00 10:26p 1,233 default.htm 12/07/00 03:37p 4,325 default.htm.org 12/15/00 09:15p guest 02/04/01 07:07a 5,327 har.txt 12/07/00 03:37p images 12/15/00 06:36p 709 lrfpbot.gif 12/15/00 07:05p 673 lrfptop.gif 12/15/00 06:36p 1,422 nmrc.gif 12/07/00 03:37p 2,504 postinfo.html 12/15/00 06:36p 968 rfp.gif 12/15/00 06:36p 8,606 rfpback.gif 12/15/00 06:36p 8,606 rfpback1.gif 11/26/00 12:40p samples 12/15/00 06:36p 1,624 sf.gif 12/15/00 06:36p 756 technotronic.gif 12/15/00 06:36p 2,526 void.gif 12/15/00 06:36p 1,213 whisker.gif 12/15/00 06:36p 1,161 win2k.gif 12/07/00 03:37p _private 12/07/00 03:37p 1,759 _vti_inf.html 24 File(s) 48,075 bytes 1,690,254,336 bytes free C:\InetPub\wwwroot> C:\InetPub\wwwroot>cd guest dcd guest C:\InetPub\wwwroot\guest> C:\InetPub\wwwroot\guest>ir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\InetPub\wwwroot\guest 12/15/00 09:15p . 12/15/00 09:15p .. 12/15/00 08:59p 1 12/15/00 09:09p 2 12/15/00 08:59p 3 01/05/01 11:27a 1,829 default.asp 05/07/99 09:14p 200,704 DVMailer.DLL 12/15/00 09:11p 10,017 guestbook.asp 06/15/99 12:17p 18 GuestBook.bot 01/25/01 04:12p 27,843 GuestBook.HTM 01/25/01 04:12p 2,691 GUESTBOOK.LOG 12/15/00 09:22p 413 GuestBook.top 12/15/00 06:36p 709 lrfpbot.gif 12/15/00 07:05p 673 lrfptop.gif 12/15/00 06:36p 1,422 nmrc.gif 06/16/99 10:45a 4,441 Readme 12/15/00 06:36p 968 rfp.gif 12/15/00 06:36p 8,606 rfpback.gif 12/15/00 06:36p 8,606 rfpback1.gif 12/15/00 06:36p 1,624 sf.gif 12/15/00 06:36p 756 technotronic.gif 06/16/99 08:50a 186 ViewGB.asp 12/15/00 06:36p 2,526 void.gif 12/15/00 06:36p 1,213 whisker.gif 12/15/00 06:36p 1,161 win2k.gif 25 File(s) 276,406 bytes 1,690,254,336 bytes free C:\InetPub\wwwroot\guest> C:\InetPub\wwwroot\guest>cd .. cd .. C:\InetPub\wwwroot> C:\InetPub\wwwroot>d: d: The system cannot find the drive specified. C:\InetPub\wwwroot> C:\InetPub\wwwroot>e: e: The system cannot find the drive specified. C:\InetPub\wwwroot> C:\InetPub\wwwroot>f: f: The system cannot find the drive specified. C:\InetPub\wwwroot> C:\InetPub\wwwroot>h: h: The name specified is not recognized as an internal or external command, operable program or batch file. C:\InetPub\wwwroot> C:\InetPub\wwwroot>h: h: The system cannot find the drive specified. C:\InetPub\wwwroot> C:\InetPub\wwwroot>g: g: The system cannot find the drive specified. C:\InetPub\wwwroot> C:\InetPub\wwwroot>f: f: The system cannot find the drive specified. C:\InetPub\wwwroot> C:\InetPub\wwwroot>a: a: b:The system cannot find the drive specified. C:\InetPub\wwwroot> C:\InetPub\wwwroot> b: The system cannot find the drive specified. C:\InetPub\wwwroot> C:\InetPub\wwwroot>cd\ cd\ C:\> C:\>dir dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\ 11/26/00 12:34p 0 AUTOEXEC.BAT 11/26/00 06:57p 322 boot.ini 11/26/00 12:34p 0 CONFIG.SYS 12/26/00 07:36p exploits 02/04/01 07:07a 5,327 har.txt 12/07/00 03:30p InetPub 12/07/00 03:12p Multimedia Files 12/26/00 07:10p New Folder 01/26/01 02:10p 78,643,200 pagefile.sys 12/21/00 08:59p Program Files 02/04/01 06:49a 69 README.NOW.Hax0r 12/21/00 08:59p TEMP 02/04/01 07:14a WINNT 12/26/00 07:09p wiretrip 02/04/01 06:43a 0 yay.txt 15 File(s) 78,648,918 bytes 1,690,254,336 bytes free C:\> C:\>cd temp cd temp di C:\TEMP> C:\TEMP>r dir Volume in drive C has no label. Volume Serial Number is 8403-6A0E Directory of C:\TEMP 12/21/00 08:59p . 12/21/00 08:59p .. 12/16/00 06:54p 81,920 Arm2.tmp 12/16/00 06:54p 16 E65B8AC0.TMP 12/21/00 08:59p IXP1.tmp 12/20/00 05:12p 7,680 ~DF64D5.tmp 6 File(s) 89,616 bytes 1,690,254,336 bytes free C:\TEMP> C:\TEMP>expl expl The name specified is not recognized as an internal or external command, operable program or batch file. C:\TEMP> C:\TEMP>exit