PERSONAL EXPIERNCE
In March 2024. I went to my friend's hospital for some work and saw a machine in O.T which was connected with network connection or I took permission from my friend so that I can do its security testing. When I started the permission to do security assessment, I got direct access to our machine. Or if I had complete control of the machine, if an attacker had blocked our machine, the patient could have been dead. This is a critical medical risk.
Exploit
- https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor/
- code:
