From bcaa6e90f65a4a80596371b8bea3a9257cac7aff Mon Sep 17 00:00:00 2001 From: Wei Chen Date: Fri, 31 Aug 2018 13:37:23 -0500 Subject: [PATCH] Fix targeting --- lib/msf/base/simple/evasion.rb | 11 ++++++ lib/msf/core/evasion_driver.rb | 36 ++++++++++++++----- .../evasion/windows/windows_defender_exe.rb | 6 ++-- 3 files changed, 41 insertions(+), 12 deletions(-) diff --git a/lib/msf/base/simple/evasion.rb b/lib/msf/base/simple/evasion.rb index 735124a5ff..032f395a29 100644 --- a/lib/msf/base/simple/evasion.rb +++ b/lib/msf/base/simple/evasion.rb @@ -57,6 +57,17 @@ module Evasion # Verify the payload options driver.payload.options.validate(driver.payload.datastore) + # Set the target and then work some magic to derive index + evasion.datastore['TARGET'] = opts['Target'] if opts['Target'] + target_idx = evasion.target_index + + if (target_idx == nil or target_idx < 0) + raise MissingTargetError, + "You must select a target.", caller + end + + driver.target_idx = target_idx + # Set the payload and evasion's subscriber values if ! opts['Quiet'] driver.evasion.init_ui(opts['LocalInput'] || evasion.user_input, opts['LocalOutput'] || evasion.user_output) diff --git a/lib/msf/core/evasion_driver.rb b/lib/msf/core/evasion_driver.rb index b7cae1a415..b0c6ae7cf6 100644 --- a/lib/msf/core/evasion_driver.rb +++ b/lib/msf/core/evasion_driver.rb @@ -6,7 +6,7 @@ module Msf class EvasionDriver # - # Initializes the exploit driver using the supplied framework instance. + # Initializes the evasion driver using the supplied framework instance. # def initialize(framework) self.payload = nil 
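Review bot: In the added target block in `lib/msf/base/simple/evasion.rb`, the guard `if (target_idx == nil or target_idx < 0)` uses `or` and an explicit nil comparison; the idiomatic form is `if target_idx.nil? || target_idx < 0` (the parenthesised condition is also unneeded). The payload options are validated on the line just before the target is assigned, so if any payload option's validity depends on the selected target it is checked against the pre-target state — fine if nothing depends on it, but worth a glance. `MissingTargetError` and `evasion.target_index` are used without a definition visible here; presumably they come from the module mixins as in the exploit counterpart, so confirm both resolve inside the evasion module. The enclosing method starts outside this hunk.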
@@ -17,12 +17,30 @@ class EvasionDriver self.semaphore = Mutex.new end + def target_idx=(target_idx) + if (target_idx) + # Make sure the target index is valid + if (target_idx >= evasion.targets.length) + raise Rex::ArgumentError, "Invalid target index.", caller + end + end + + # Set the active target + @target_idx = target_idx + end + + def target_idx + @target_idx + end + + # # Checks to see if the supplied payload is compatible with the - # current exploit. Assumes that target_idx is valid. + # current evasion module. Assumes that target_idx is valid. # def compatible_payload?(payload) - return ((payload.platform & evasion.platform).empty? == false) + evasion_platform = evasion.targets[target_idx].platform || evasion.platform + return ((payload.platform & evasion_platform).empty? == false) end def validate @@ -37,15 +55,15 @@ class EvasionDriver "Incompatible payload", caller end - # Associate the payload instance with the exploit + # Associate the payload instance with the evasion payload.assoc_exploit = evasion - # Finally, validate options on the exploit module to ensure that things + # Finally, validate options on the evasion module to ensure that things # are ready to operate as they should. evasion.options.validate(evasion.datastore) # Validate the payload's options. The payload's datastore is - # most likely shared against the exploit's datastore, but in case it + # most likely shared against the evasion's datastore, but in case it # isn't. payload.options.validate(payload.datastore) @@ -53,12 +71,12 @@ class EvasionDriver end # - # Kicks off an exploitation attempt and performs the following four major + # Kicks off an evasion attempt and performs the following four major # operations: # # - Generates the payload # - Initializes & monitors the handler - # - Launches the exploit + # - Launches the evasion # - Cleans up the handler # def run 
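Review bot: The new `target_idx=` setter only rejects indexes at or past `evasion.targets.length`, so a negative index is accepted and `evasion.targets[target_idx]` in `compatible_payload?` then silently wraps to a target counted from the end of the list; the simple layer checks `< 0` on its own, but anything that drives `EvasionDriver` directly gets no such check. Tighten the guard to `if target_idx && (target_idx < 0 || target_idx >= evasion.targets.length)`. The setter also deliberately permits nil, yet `compatible_payload?` indexes `targets[target_idx]` unconditionally, so a nil index raises a TypeError instead of a meaningful error; `target = evasion.targets[target_idx] if target_idx` before the platform lookup would keep that path clean. The `|| evasion.platform` fallback only triggers when the target's platform is nil, which appears to be how an unspecified target platform is represented — confirm it is not an empty list instead.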
@@ -72,7 +90,7 @@ class EvasionDriver evasion.job_id = nil # Generate the encoded version of the supplied payload on the - # exploit module instance + # evasion module instance evasion.generate_payload(payload) # No need to copy since we aren't creating a job. We wait until diff --git a/modules/evasion/windows/windows_defender_exe.rb b/modules/evasion/windows/windows_defender_exe.rb index 0323b39ce7..1db3ad84ed 100644 --- a/modules/evasion/windows/windows_defender_exe.rb +++ b/modules/evasion/windows/windows_defender_exe.rb @@ -78,12 +78,12 @@ int main() { def run puts target.inspect -=begin - puts c_template + + #puts c_template bin = Metasploit::Framework::Compiler::Windows.compile_random_c(c_template) print_status("Compiled binary size: #{bin.length}") file_create(bin) -=end + end end \ No newline at end of file
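Review bot: With the body of `run` in `modules/evasion/windows/windows_defender_exe.rb` now live, the `puts target.inspect` line kept at its top writes straight to stdout, bypassing the module's output channel (`print_status`/`vprint_status`) and so is lost or misplaced under msfconsole or RPC; it looks like a leftover debug print. Drop it, or replace it with `vprint_status("Selected target: #{target.name}")` (assuming `target` responds to `name` as exploit targets do — confirm). The commented-out `#puts c_template` should go as well rather than replacing the `=begin`/`=end` block with dead code, and the file still ends without a trailing newline.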