SecurityWeek

Vulnerabilities

Rapid7 Outlines the Most Popular Metasploit Modules

Metasploit is a powerful and popular tool for penetration testers and security experts. However, it’s also a goldmine for the darker side of the hacking community. Recently, Rapid7 published a list of the most popular Metasploit modules, offering an interesting look at the vulnerabilities that earned the most attention last month.


The list was compiled by examining the webserver stats for the Metasploit Auxiliary and Exploit Database.

1. MS12-020 – At the top of the list is MS12-020. Earlier this year, it was implied (though never proven) that MS12-020 would allow an attacker to hijack RDP and execute code. The second vulnerability addressed in MS12-020 centered on a flaw in RDP that could be used to create a Denial-of-Service condition on systems where RDP was enabled. “This is likely the most popular module we have due to both recency bias and because there was an unusual level of spontaneous organization of the Metasploit developer community to search for the correct path to remote code execution,” Rapid7’s Tod Beardsley explained.

2. MS08-067 – Beardsley describes this one as a “four year old vulnerability that tends to give the most reliable shells on Windows 2003 Server and Windows XP… This exploit is also not ancient, so it’s reasonable to expect to find some unpatched systems in a medium to large enterprise vulnerable to it.” Most security admins and aficionados, however, will recognize this vulnerability as the one used by Conficker and its many variants to spread. The patch was released out-of-cycle in 2008 (October 23) to address a flaw in the Server service, which is enabled by default on Windows 2000, Windows XP (all versions), and Windows Server 2003. Prophetically, Microsoft pushed a fix for this flaw earlier than usual because of the concern that it could be used in the creation of a new worm variant. Months after the patch was developed, the vulnerability was used in the first version of Conficker. The worm remains active to this day.

3. MS06-040 – This is the go-to method for gaining remote root on Windows NT. “A six year old vulnerability that’s notable in that there’s no official patch from Microsoft for this on Windows NT 4.0. This was discovered after NT went end-of-life, so if you need remote root on an NT machine (and there are still plenty out there), this is going to be your first choice,” Beardsley said.

As SecurityWeek columnist Oliver Rochford points out, studies of the methods utilized in the wild reflect that attackers have a preference for the same tools that penetration testers and other security professionals use or sell to others, and Metasploit is no different.

The entire list of popular Metasploit modules is worth checking out. It’s also worth the time it takes to ensure that your systems are patched against them. 
