HTTP: IIS Sensepost.exe Hacker Tool Probe
This signature detects attempts to locate sensepost.exe on a Microsoft ISS Web Server. Attackers can use a proof-of-concept hacking tool to break into a vulnerable Web server, then copy cmd.exe to the Web server script directory, and rename it sensepost.exe to avoid detection by log viewers. To identify this event, check your Web server logs for details--if the server returned a "200" to the request, your Web server might be compromised.
Extended Description
Successful access of sensepost.exe allows a remote attacker to execute malicious commands using the privileges of the IIS user.
Short Name
HTTP:IIS:SENSEPOST.EXE
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Hacker IIS Probe Sensepost.exe Tool
Release Date
11/20/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown