File: haxxx.jpg (312 KB, 970x545) Image search: [Google]

312 KB, 970x545

I was playing around with making meterpreters for Windows and sent one to my friend over Facebook chat to test if it worked (with his consent). Before he had even downloaded it, someone connected to my listener. I am positive it was not my friend. 2 more connections came in within the next 20 minutes, both differents IPs from the first. I only managed to get a directory listing of the home directory from the first connection (see below). Does anyone know what kind of machine it looks like?

meterpreter > ls
Listing: C:\Documents and Settings\Admin
========================================

Mode Size Type Last modified Name
---- ---- ---- ------------- ----
40555/r-xr-xr-x 0 dir 2014-03-13 17:32:02 +0000 Application Data
40777/rwxrwxrwx 0 dir 2014-03-13 17:37:00 +0000 Cookies
40777/rwxrwxrwx 0 dir 2013-08-15 19:53:53 +0100 Desktop
40555/r-xr-xr-x 0 dir 2013-12-23 20:30:54 +0000 Favorites
40777/rwxrwxrwx 0 dir 2013-12-23 11:48:47 +0000 IECompatCache
40777/rwxrwxrwx 0 dir 2013-12-23 20:30:53 +0000 IETldCache
40777/rwxrwxrwx 0 dir 2013-12-23 11:29:00 +0000 Local Settings
40555/r-xr-xr-x 0 dir 2013-12-23 20:30:54 +0000 My Documents
100666/rw-rw-rw- 1048576 fil 2016-03-04 09:27:23 +0000 NTUSER.DAT
100666/rw-rw-rw- 16384 fil 2016-04-04 17:10:23 +0100 NTUSER.DAT.LOG
40777/rwxrwxrwx 0 dir 2013-12-23 11:29:00 +0000 NetHood
40777/rwxrwxrwx 0 dir 2013-12-23 11:29:00 +0000 PrintHood
40777/rwxrwxrwx 0 dir 2013-12-23 11:48:13 +0000 PrivacIE
40555/r-xr-xr-x 0 dir 2013-12-23 12:05:44 +0000 Recent
40555/r-xr-xr-x 0 dir 2013-12-23 19:50:46 +0000 SendTo
40555/r-xr-xr-x 0 dir 2013-12-23 11:29:00 +0000 Start Menu
40777/rwxrwxrwx 0 dir 2013-12-23 19:40:59 +0000 Templates
100666/rw-rw-rw- 178 fil 2016-03-04 09:27:23 +0000 ntuser.ini