# WSL Pentesting

WSL (Windows Subsystem for Linux) is a feature of Windows that allows developers to run a Linux environment without the need for a separate virtual machine or dual booting.

### Enumeration <a href="#enumeration" id="enumeration"></a>

#### Interesting Information <a href="#interesting-information" id="interesting-information"></a>

Run the following commands in WSL.

```
# Configuration
cat /etc/wsl.conf

# IP address of host machine (shown as the default gateway)
ip route | grep default

# IP address of WSL itself
ip a
# or
hostname -I
```

### Escape WSL to Windows Host Machine <a href="#escape-wsl-to-windows-host-machine" id="escape-wsl-to-windows-host-machine"></a>

If we are currently on a WSL machine, we can access the host Windows machine as shown below.

```
cd /mnt/c/
```

If **`/mnt/c/`** is empty, we need to mount the folder by running the following command.

```
cd /

# -t: Filesystem type to mount
# drvfs: The WSL filesystem driver that exposes Windows drives
# C: : The Windows drive to mount (requires root)
mount -t drvfs C: /mnt/c
```

### Switch Default User to Root <a href="#switch-default-user-to-root" id="switch-default-user-to-root"></a>

The following command changes the default user to `root` when booting WSL. This could potentially be used to escalate privileges.\
Run it in PowerShell:

```
# Use the launcher of the installed distribution (ubuntu shown as an example)
ubuntu config --default-user root
```
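
From the defensive side, the drive automount and default-user behaviour described above, plus the related Windows interop setting, can be audited from `/etc/wsl.conf` inside the distribution. The script below is an added example, not part of the original page: `conf_get`, `is_false`, `audit_wsl_conf` and the sample file are constructed for illustration, and unset keys are treated as WSL's documented defaults (automount and interop enabled).

```sh
#!/bin/sh
# Added example: audit wsl.conf for automount, interop and default-user settings.
# Function names and the sample file are constructed for illustration.

# conf_get FILE SECTION KEY DEFAULT -> effective value (DEFAULT when unset)
conf_get() {
  [ -r "$1" ] || { printf '%s\n' "$4"; return 0; }
  awk -v sec="$2" -v key="$3" -v def="$4" '
    { sub(/\r$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    /^#/ || /^$/ { next }
    /^\[.*\]$/ { cur = substr($0, 2, length($0) - 2); next }
    {
      eq = index($0, "="); if (eq == 0) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      sub(/[ \t]+$/, "", k); sub(/^[ \t]+/, "", v)
      if (cur == sec && k == key) val = v
    }
    END { print (val == "" ? def : val) }
  ' "$1"
}

is_false() { case "$1" in false|False|FALSE) return 0 ;; *) return 1 ;; esac; }

# audit_wsl_conf [FILE] -> one WARN line per risky setting; silent if hardened
audit_wsl_conf() {
  f="${1:-/etc/wsl.conf}"
  v=$(conf_get "$f" automount enabled true)   # WSL default when unset: true
  is_false "$v" || echo "WARN automount.enabled=$v: Windows drives mounted under $(conf_get "$f" automount root /mnt/)"
  v=$(conf_get "$f" interop enabled true)     # WSL default when unset: true
  is_false "$v" || echo "WARN interop.enabled=$v: Windows executables can be started from Linux"
  v=$(conf_get "$f" user default "")
  [ "$v" != "root" ] || echo "WARN user.default=root: every session starts as root"
  return 0
}

# Constructed sample: automount on, interop off, default user root
sample=$(mktemp)
cat > "$sample" <<'EOF'
[automount]
enabled = true
root = /mnt/

[interop]
enabled = false

[user]
default = root
EOF
audit_wsl_conf "$sample"
```

A default user changed from the Windows side is not written to `wsl.conf`, so also check `id -u` in a fresh session.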
