[hider=Recap]T.R.Y.H.A.R.D.E.R. This password Freischutz had entered into the chat window after solving the final puzzle, sending the server's helpbot, The Oracle ReplAI, into a frenzy.

[color=00aeef]PASSWORD ACCEPTED. FORWARDING DATA TO THE ELDER. PLEASE STAND BY; YOU WILL BE ALERTED AUTOMATICALLY.[/color]

Moments later, The Oracle said something new, but the tone seemed strange. Almost... human.

[color=00aeef]Hello children.[/color]

This seemed to be The Elder, creator of Th3_Storm, present in real time. Sure, it was a bit fun to solve his puzzles, but was there really any more to it? And still then, how did he get the personal information of each of the five invitees?

[color=00aeef]All of you have the ability to target particular aspects of various flawed industries. I believe we can reach an agreement to take advantage of each one of those skills.[/color]

Naturally, the unlikely group inquired regarding payment.

[color=00aeef]Of course. I can provide something even more valuable to you than money. How does a collection of undiscovered 0-days sound to you? Thousands upon thousands of vulnerable systems in the palms of your hands. As a gesture of goodwill, I will provide 0-days. You prove that you can properly handle them and I will supply more.[/color]

This had finally started to get interesting. The right 0-days could be worth millions of dollars, or even better, millions of lives. There was an element of power to hacking, of course, one that allowed each attacker to salivate for a moment too long over the enter key, tempted, just [i]hoping[/i] that an unforeseen force would push them over the line, a darkness where they could watch the world burn in peace like a fire on a snowy Christmas day. But the only question remaining was why this Elder character would be willing to entrust that kind of power into the hands of those who he did not know, those who may help or harm the world, or even each other.

[color=00aeef]I am going to die soon.
I could simply mark the world myself, but I would rather it fall into the hands of those who can continue to manipulate it like clay.[/color]

[hider=0-Days]
[color=00aeef]ATTACK #1:
Biotronik Pacemakers: All versions
Vulnerable to RCE upon compromise of management systems
Management interface exposed through web portal on port 33892
All vulnerable to SQLi through the use of the following query
Admin' OR TRUE; DROP TABLE auth00334; --
Refresh the portal and the following credentials will provide access:
Admin:Default00334

ATTACK #2
Insulet Insulin Pumps
Vulnerable to DoS-bricks device
When exposed to 13.56 MHz waves with the following encoded payload, the device will automatically short due to a hardware malfunction (Data represented in bytecode, little endian):
FE01225DC47A9901010000000000000000

ATTACK #3
Medistore Medical Record Storage: Versions 0.1-9.9, except for 8.22
Vulnerable to File System Compromise and Data Exfiltration
All medical records can be leaked at will from this ubiquitously implemented software. On port 21, a developer backdoor was left with RW credentials to the records database, left unencrypted.
Credentials are daniel:BrokenRecordsAreAsIrritatingAsLongPasswords

ATTACK #4
CareWatch Devices
All CareWatch devices are vulnerable to wireless port knocking. Probe ports 111, 777, 665, 1922, and 65535 in that order and a shell will open on port 1.[/color]
[/hider]
[/hider]

[color=Plum]Well, this is an interesting turn of events.[/color]

After trolling around on the new Discord group, OffByNone had successfully taken advantage of one of the exploits that The Elder released to the group and wrote a script that would automatically infect hospital networks through the Biotronik Pacemaker interface and add them to OBN's personal botnet. Of course, they deserved it. Any organization playing with people's lives had no right to take their security lightly, and OBN intended to prove that fact to them.

Hovering over Enter, OBN hesitated.
Of course, every test had succeeded. Every connection was still established. [i]But what if?[/i] OBN fished a stray hair from their keyboard to delay the decision further. [i]Something always goes wrong. What if they find out?[/i] But in the midst of the usual self-doubt, OBN's eyes drifted toward the shimmering glow of the pulsating RGB keys. It was now or never.

[Enter]

[color=39b54a]bash: ./reportFsailAll: No such file or directory[/color]

A typo. Of course. Always something something Murphy's Law.

[color=39b54a][None@lolstationC2 ~]$ ./reportFailAll
[color=fff200]Generating Payloads.
[▮▮▮▮▮▮▮▮▮▮▮▮▮▮▮▮] Payloads complete
Transmitting. . . . . . . . Success
[color=ed1c24]ERROR: Could not establish a secure connection to [3/988] hosts[/color]
Retrying.... Success
Changing Settings...
Exploit Complete.[/color]
[None@lolstationC2 ~]$ [/color]

OffByNone laughed, fueled by the adrenaline. It would only be hours before news stations across the planet started broadcasting this little endeavor. Nothing lethal, of course, just a fun prank. Not that the hospitals would see it that way; in fact, they might even start panicking when their pacemakers started falsely reporting that every patient's heart had stopped. OffByNone smiled in anticipation of the mayhem that would ensue.