PHP Server Botnet?

If you find a site with a file inclusion or upload vulnerability that lets you upload a web shell, and then you have a web shell on it and there are some files or directories where you have rwx permissions, could you somehow turn that web server into a bot for a botnet? I have heard of IRC bots like EggDrop or Tsunami (old, I know), but I wonder if there is something web or PHP-based that could do something similar. After all, if you have a web shell on a site, that means it's running PHP.

Just curious for research purposes, not anything malicious. The only way to learn how to secure stuff is to learn how it gets pwned.

>>4
thanks for the info, very fascinating stuff

you register those domains and depneding on the date you point them to your're are server/

how would you do that without doxxing yourself? you need to provide payment info and shit
maybe people would just go to dark web ``carders'' or something?

and what if someone reverse engineers the DGA and then registers the domains used in the future? they could sinkhole it