WSL

Windows Subsystem for Linux

Enumeration

Search for bash.exe:

where /R c:\Windows bash.exe

If bash.exe exists on the machine, then WSL is installed.

Exploitation

Search the system for an administrator password, for example with the history command. If we recover an SMB password, we can get a shell with impacket-smbexec:

impacket-smbexec '<username>:<password>'@<target_ip>
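The history-based credential exposure described above can be checked for during an audit. The following is an added example, not part of the original notes: it scans the text of a shell history file for commands that carry a password inline and reports them with the secret redacted. The pattern set, function name and sample lines are constructed assumptions and are not exhaustive.

```python
import re

# Assumed, non-exhaustive patterns for commands that embed a password inline.
PATTERNS = [
    # smbclient style: -U 'user%password'
    ("smb-user-percent",
     re.compile(r"-U\s+['\"]?(?P<user>[^\s%'\"]+)%(?P<secret>[^\s'\"]+)")),
    # mount -o username=...,password=...
    ("mount-option",
     re.compile(r"\bpassword=(?P<secret>[^\s,'\"]+)")),
    # 'user:password'@host target strings
    ("user-pass-at-host",
     re.compile(r"['\"]?(?P<user>[\w.\\/-]+):(?P<secret>[^@\s'\"]+)['\"]?@[\w.-]+")),
]

# Constructed sample history; every value here is made up for the example.
SAMPLE_HISTORY = "\n".join([
    "cd /mnt/c/",
    "ls -la",
    r"smbclient -U 'svc_backup%Constructed-Pass1' \\\\127.0.0.1\\c$",
    "sudo mount -t cifs //fileserver/share /mnt/share "
    "-o username=alice,password=Constructed-Pass2",
    "impacket-smbexec 'labuser:Constructed-Pass3'@192.0.2.10",
    "git clone https://example.com/repo.git",
])


def audit_history(text):
    """Return (line_number, pattern_name, redacted_line) per exposed secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rx in PATTERNS:
            match = rx.search(line)
            if match:
                start, end = match.span("secret")
                # Never echo the secret itself into the audit report.
                redacted = line[:start] + "<redacted>" + line[end:]
                findings.append((lineno, name, redacted))
                break  # one finding per line is enough to flag it
    return findings


if __name__ == "__main__":
    for lineno, name, redacted in audit_history(SAMPLE_HISTORY):
        print(f"line {lineno}: {name}: {redacted}")
```

Any hit means the credential should be rotated and the history entry removed; passing passwords through prompts or credential files with restricted permissions keeps them out of history in the first place.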

Lab: Hack The Box - SecNotes
