WSL Pentesting

WSL (Windows Subsystem for Linux) is a feature of Windows that allows developers to run a Linux environment without the need for a separate virtual machine or dual booting.

Enumeration

Interesting Information

Run the following commands in WSL.

# Configuration
cat /etc/wsl.conf

# IP address of host machine
ip route | grep default

# IP address of WSL itself
ip a
# or
hostname -I

Escape WSL to Windows Host Machine

If we’are currently on WSL machine, we can access to the host Windows machine as below.

cd /mnt/c/

If /mnt/c/ is empty, we need to mount the folder by running the following command.

cd /

# -t: Limit the set of filesystem types
# drvfs: A plugin for WSL
# C: : Specify the Windows root
mount -t drvfs C: /mnt/c

Switch Default User to Root

The following command changes the default user to root when booting WSL. This could potentially be used to escalate privileges. Run it on PowerShell:

wsl config --default-user root

PreviousSMB (Server Message Block) Pentesting NextLAPS (Local Administrator Password Solution) Pentesting

Last updated 1 month ago

hashtagEnumeration

hashtagInteresting Information

hashtagEscape WSL to Windows Host Machine

hashtagSwitch Default User to Root

Enumeration

Interesting Information

Escape WSL to Windows Host Machine

Switch Default User to Root