Short Name | HTTP:IIS:SENSEPOST.EXE |
---|---|
Severity | Minor |
Recommended | No |
Category | HTTP |
Keywords | IIS Sensepost.exe Hacker Tool Probe |
Release Date | 2003/11/19 |
Update Number | 1213 |
Supported Platforms | di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to locate sensepost.exe on a Microsoft IIS Web server. Attackers can use a proof-of-concept hacking tool to break into a vulnerable Web server, copy cmd.exe to the Web server's script directory, and rename it sensepost.exe to avoid detection by log viewers. To identify this event, check your Web server logs for details: if the server returned a "200" to the request, your Web server might be compromised.
Successful access of sensepost.exe allows a remote attacker to execute malicious commands using the privileges of the IIS user.
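The log check described above can be scripted. The following is an added example, not part of the original signature entry: it assumes the server writes IIS W3C extended logs with the `cs-uri-stem` and `sc-status` fields enabled, and the sample log lines are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-11-19 10:01:02 192.0.2.10 GET /scripts/sensepost.exe - 200
2003-11-19 10:01:05 192.0.2.11 GET /scripts/SensePost.EXE - 404
2003-11-19 10:02:00 192.0.2.12 GET /default.htm - 200
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-11-19 11:00:00 192.0.2.13 GET /msadc/sensepost.exe 200
"""

TARGET = "sensepost.exe"


def find_probes(lines):
    """Return one record per request whose file name is sensepost.exe.

    The column layout is taken from the most recent '#Fields:' directive,
    because IIS rewrites that header whenever logging options change.
    """
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # no header seen yet, or a truncated/corrupt row
        rec = dict(zip(fields, values))
        stem = unquote(rec.get("cs-uri-stem", ""))
        # Windows paths are case-insensitive, so compare in lower case.
        if stem.lower().rsplit("/", 1)[-1] != TARGET:
            continue
        status = rec.get("sc-status", "")
        hits.append({"client": rec.get("c-ip", "-"), "path": stem,
                     "status": status,
                     # A 200 means the file existed and was served.
                     "possible_compromise": status == "200"})
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG.splitlines()):
        print(hit)
```

Requests answered with 404 are probes for a file that is not present; only the rows flagged `possible_compromise` correspond to the "200" case the description calls out.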