I’m going to target Genovex this year. I’ve got a campaign set up to access databases at one of the Aurora Health pharmacies. Genovex makes a ton of money and the Aurora pharmacies are notorious for bad security practices. I bet they keep a lot of data on the patients that we can sell on the dark web.
I bet their databases are a treasure trove. If you can get something like SSNs or credit card details, that would be amazing.
Ok I’ve made some progress. I successfully extracted a portion of their database!
Nice! How did you do it?
Easy sqli vuln on their website used to request status of prescriptions. I can’t believe they didn’t have it patched.
You rock! What kind of data did you get?
All good stuff. Patient info, credit card numbers, prescription orders, inventories at each of the Aurora sites. We’re about to make
Whoa are you serious??
We could make even more if we got a hold of the STAR they have in their inventory. What facilities near you have the most STAR?
Umm let me check… There are a bunch of facilities in Phoenix. I’d have to look at which ones have the most STAR.
How much does STAR fetch on the DW?
I’ve known some markets to buy it for $50 per dose. We’re talking at least six figures if we can swipe the STAR from one of the Phoenix facilities. Less if we hit up one of the patients and offer them about $25 per dose.
Hey What is the Password for the backdoor we set up for Aurora? I want to see if I can dig around more and run a privilege escalation on their systems.
Lol very nice next time you could just send it to me, you have my public key after all.
But where is the fun in that
Alrighty @lilith since you wanna be a smarty-pants, I was able to create a new account that i attached a logic bomb to, I should have an admin account within the next few days. If you want access to that account here is the password to it.
Password.zip (290 Bytes)
NOT FAIR!!! COME ON!!!
I dont have time for that Tish!
…it is pretty clever though