BadBlue: It is a file sharing program from a different perspective capable of transforming the machine into a Web server .


[ hide ]

  • 1 Features
  • 2 options
  • 3 Compatible operating systems
  • 4 Requirements
  • 5 Advantages
  • 6 Vulnerabilities
  • 7 Source


Once BadBlue is installed, the Web server starts , through which the entire system can be managed from point to point. Data such as information related to the files to be exchanged, searches, editing, computers with which you can connect, among others and can also be viewed and edited from the browser.

Everything is controlled through the browser. The browser is used as an interface with the program that only loads the system with the server.

BadBlue can explore all kinds of content, including Excel and Word files .

The program allows you to choose the port on which the Web server will be operating so as not to interfere with any other Web server on the machine.

When BadBlue is started by default, it can be configured, the program connects to a series of IRC servers . The time it takes to establish the connection is variable, ranging from 15 seconds to 2 minutes.

The program uses the IRC servers as central connection nodes where it searches automatically and without user intervention for other BadBlue instances with which it will connect and exchange files.

In addition it can also be controlled through the PHP programming language .

The new version incorporates several features that make it relatively unique in the world of peer programs, including an integrated planning engine, which incorporates the ability to capture Web pages , write PHP programs and even launch delayed programs, in addition to the discovery of peers using servers and has also incorporated support for Gnutella networks .


BadBlue is a web server that allows file sharing.

You have multiple options:

  • File search.
  • Create screenshotsof the photos.
  • Send or receive files.
  • Convert Office documents ( AccessExcel and Word ) to HTML format to make it easy to share them through the server.
  • In addition to sharing files, the program is a server that can be used to learn how to manage servers or develop applications in PHPor Perl .

Supported operating systems

  • Windows 2000
  • Windows95/98
  • Windows ME
  • Windows NT0
  • Windows Xp


  • RAMmemory : 16 MB


  • It is a simple looking webserver , but with a lot of functionalities.
  • It has the possibility of sharing files with other users, which can be easily managed. In addition, it is possible to establish some permissions on these, such as limiting access to shared files and directories.
  • Users who access the server have the opportunity to search for files, upload files, view images in presentation format or consult Excelsheets .
  • BadBlue resides on the taskbar. To put it into operation it is necessary to choose a free port that the service accesses.
  • Users will connect to the server using the IP address, although the program gives the opportunity to create a domain name that will only be valid on the network where the server is being installed.


The BadBlue web server , for Windows 9x / NT / 2000 environments, is affected by a vulnerability in which an attacker will be able to discover the real directory where the web server is hosted . Furthermore, it is also vulnerable to a denial of service attack.

This problem is related to the way the mentioned server has to make its call to a “dll”. The affected library is ext.dll.

Example: server / ext.dll? Mfcisapicommand = loadpage & page = default.hts.

If you omit the string that continues the call to mode ext.dll, server / ext.dl

BadBlue will reply with an error message showing the full path where the web server runs , Error: opening c: \ program files \ badblue \ pe \ default.htx.

Although this is not an excessively serious problem, nor does it cause data loss, it can allow an attacker to obtain information that can be useful for carrying out a more elaborate attack.

Another possibility that would endanger the Web server is the possibility of suffering a denial of service attack. An attacker can get a buffer overflow and thus cause the server to stop responding if a string of 284 bytes or more is passed as a parameter to ext.dll.

Example: server / ext.dll? Aaaaa (x 248 bytes).


Leave a Comment