PHP Server Botnet?

If you find a site with a file inclusion or upload vulnerability that lets you upload a web shell, and then you have a web shell on it and there are some files or directories where you have rwx permissions, could you somehow turn that web server into a bot for a botnet? I have heard of IRC bots like EggDrop or Tsunami (old, I know), but I wonder if there is something web or PHP-based that could do something similar. After all, if you have a web shell on a site, that means it's running PHP.

Just curious for research purposes, not anything malicious. The only way to learn how to secure stuff is to learn how it gets pwned.

For a local VM-only research botnet, I don't want (or need) to actually pay mone to register domain names, right? I could just use /etc/hosts and redirect the domains to a server that way. But can you do something like /etc/hosts but with regex instead of hardcoding every single literal domain name?