Fixes to the WMI setup

Author: David Maloney

lib/msf/core/exploit/winrm.rb

@@ -27,7 +27,6 @@ def initialize(info = {})
 				OptString.new('URI', [ true, "The URI of the WinRM service", "/wsman" ]),
 				OptString.new('USERNAME', [ false, 'A specific username to authenticate as' ]),
 				OptString.new('PASSWORD', [ false, 'A specific password to authenticate with' ]),
-				OptString.new('NAMESPACE', [true, 'The WMI namespace to use for queries', '/root/cimv2/'])
 			], self.class
 		)
 
@@ -324,6 +323,12 @@ def target_url
 		end
 	end
 
+	def wmi_namespace
+		return datastore['NAMESPACE'] if datastore['NAMESPACE']
+		return @namespace_override if @namespace_override
+		return "/root/cimv2/"
+	end
+
 
 	private
 
@@ -434,7 +439,7 @@ def winrm_header(data)
 	def winrm_uri_action(type)
 		case type
 		when "wql"
-			return %Q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/wmi#{datastore['NAMSPACE']}*</w:ResourceURI>
+			return %Q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/wmi#{wmi_namespace}*</w:ResourceURI>
 			<a:Action mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate</a:Action>}
 		when "create_shell"
 			return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI>

modules/auxiliary/scanner/winrm/winrm_wql.rb

@@ -40,7 +40,8 @@ def initialize
 			[
 				OptString.new('WQL', [ true, "The WQL query to run", "Select Name,Status from Win32_Service" ]),
 				OptString.new('USERNAME', [ true, "The username to authenticate as"]),
-				OptString.new('PASSWORD', [ true, "The password to authenticate with"])
+				OptString.new('PASSWORD', [ true, "The password to authenticate with"]),
+				OptString.new('NAMESPACE', [true, 'The WMI namespace to use for queries', '/root/cimv2/'])
 			], self.class)
 	end