Exploits of a child exploit for an old Linux program, which allows users to send sensitive data over the internet, are making headlines in India, where the government has been cracking down on child exploitation and cybercrime.
The Blue Keep exploit is an old version of Linux that’s still in use and can be used to exploit vulnerable Linux systems in the form of programs and applications, but the exploits have recently been coming out on the web.
In the case of Blue Keep, which is designed for systems running older versions of the Linux kernel, users can run it and receive data that can be sent over the network without their knowledge, said Niranjan Gupta, a security researcher with the antivirus software company Rapid7.
The program is installed in the Linux Kernel source code, so any malicious code installed on a system can be run without any permissions, Gupta said.
Once the program is running, the user is then asked to send a few bytes of data over a TCP/IP connection to an address on the Internet.
This can be done using the ‘Blue Keep’ protocol, which involves a few lines of code, he said.
Blue Keep is available in many Linux distributions, including Ubuntu, Red Hat, Debian and others, Gupta added.
It can be installed as a package with the ‘apt-get’ command.
Gupta said he discovered the exploit while searching for vulnerabilities in Blue Keep by trying to install the program and running it in a VM.
He found that the Blue Keep executable was in a subdirectory of /lib/modules/libbluekeep.so, which was not present in the Ubuntu and Debian sources.
Blue Keep can be downloaded from the Rapid7 website.
While the Blue Hand exploit only allows a single user to run it, the Blue Stick exploit, also known as the “Elastius” exploit, allows the administrator to run multiple instances of the program.
The ELastius exploit can be enabled by a user’s home directory and then run by the administrator.
Guidanka said he found two versions of Blue Stick on the Rapid7 website, which he shared on his blog.
The first version, which contains all the required files and functions, is available on a website called ELastix.
The second version, called Blue Stick, contains only the blue-ish strings of the executable.
He also shared a screenshot of the first version of Blue Hand on his site.
In a tweet, Gupta wrote: “Blue Stick has been added to ELastyx exploit suite.
It is a simple and secure version of the Blue Hat exploit.”
ELastices version is named Blue Stick.
It contains the executable bluekeep.exe and some of the necessary files, Gupta noted.
In another tweet, he added: “This version of ELasticks Blue Stick is the same as the ELastice Blue Stick.”
Gupta also shared his findings on Twitter.
ELastx is a family of open source Linux security tools, often used to detect and block malicious code.
ELas is a company that sells Blue Stick and Blue Stick ELas.