WSL Pentesting
Last modified: 2024-09-25
WSL (Windows Subsystem for Linux) is a feature of Windows that allows developers to run a Linux environment without the need for a separate virtual machine or dual booting.
Enumeration
Interesting Information
Run the following commands in WSL.
# Configuration
cat /etc/wsl.conf
# IP address of host machine
ip route | grep default
# IP address of WSL itself
ip a
# or
hostname -I
Escape WSL to Windows Host Machine
If we are currently on a WSL machine, we can access the host Windows machine as below.
cd /mnt/c/
If /mnt/c/ is empty, we need to mount the folder by running the following command.
cd /
# -t: Filesystem type to mount
# drvfs: The WSL filesystem driver that exposes Windows drives
# C: : The Windows drive to mount
mount -t drvfs C: /mnt/c
Switch Default User to Root
The following command changes the default user to root when booting WSL. This could potentially be used to escalate privileges.
Run it on PowerShell:
# "ubuntu" is an example; use the launcher name of the installed distribution
ubuntu config --default-user root
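For the defensive side of the settings this page enumerates and changes, the following added example (not part of the original page) reads a wsl.conf and flags automount, interop and a root default user. The function names and the sample file are constructed for illustration, and a missing key is treated as the WSL default.

```shell
#!/bin/sh
# Added example (not from the original page): flag wsl.conf settings that
# expose the Windows host. The sample input at the bottom is constructed.

# wsl_conf_get FILE SECTION KEY: print the last value assigned, if any.
# Section and key names are compared case-insensitively (a lenient choice).
wsl_conf_get() {
    awk -v s="$2" -v k="$3" '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        /^\[.*\]$/ { sect = tolower(substr($0, 2, length($0) - 2)); next }
        sect == tolower(s) && (eq = index($0, "=")) {
            key = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", v)
            if (tolower(key) == tolower(k)) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_wsl_conf [FILE]: one finding per line. Absent keys fall back to the
# WSL defaults (automount.enabled=true, interop.enabled=true).
audit_wsl_conf() {
    conf="${1:-/etc/wsl.conf}"
    am=""; io=""; du=""
    if [ -r "$conf" ]; then
        am=$(wsl_conf_get "$conf" automount enabled)
        io=$(wsl_conf_get "$conf" interop enabled)
        du=$(wsl_conf_get "$conf" user default)
    fi
    if [ "${am:-true}" != "false" ]; then
        echo "WARN automount: Windows drives are mounted via drvfs (e.g. /mnt/c)"
    fi
    if [ "${io:-true}" != "false" ]; then
        echo "WARN interop: Windows executables can be launched from inside WSL"
    fi
    if [ "$du" = "root" ]; then
        echo "WARN user: default user is root"
    fi
    return 0
}

# Constructed sample: automount left at its default, interop off, root default.
sample=$(mktemp)
printf '[interop]\nenabled = false\n\n[user]\ndefault=root\n' > "$sample"
audit_wsl_conf "$sample"
rm -f "$sample"
```

Disabling automount only stops the automatic mount; root inside the distribution can still run the mount -t drvfs command shown earlier on this page.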