Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:IIS:SENSEPOST.EXE

Severity

 Medium

Recommended

 No

Category

 HTTP

Keywords

 HTTP IIS

Release Date

 2003/11/19

Update Number

 1213

Supported Platforms

 di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: IIS Sensepost.exe Hacker Tool Probe


This signature detects attempts to locate sensepost.exe on a Microsoft ISS Web Server. Attackers can use a proof-of-concept hacking tool to break into a vulnerable Web server, then copy cmd.exe to the Web server script directory, and rename it sensepost.exe to avoid detection by log viewers. To identify this event, check your Web server logs for details--if the server returned a "200" to the request, your Web server might be compromised.

Extended Description

Successful access of sensepost.exe allows a remote attacker to execute malicious commands using the privileges of the IIS user.

References

  • URL: http://www.juniper.net/security/auto/vulnerabilities/vuln1290.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out