WSL

The tweet that started it all https://x.com/Warlockobama/status/1067890915753132032?mx=2

Look inside of the directory, the full path usually looks like this

C:\Users\%USERNAME%\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\rootfs\

usually its somewhere there if its not then look here in this folder and look for anything that starts with CanonicalGroupLimited

C:\Users\%USERNAME%\AppData\Local\Packages

Now because we are root in the WSL, we need to remember that all we need to do is basically just look for credentials. go password hunting, so I did in the .bash_history

another alternative is Getting a python shell inside of it.

With root privileges Windows Subsystem for Linux (WSL) allows users to create a bind shell on any port (no elevation needed). Don't know the root password? No problem just set the default user to root W/ .exe --default-user root. Now start your bind shell or reverse.

wsl whoami./ubuntun1604.exe config --default-user rootwsl whoamiwsl python -c 'BIND_OR_REVERSE_SHELL_PYTHON_CODE'

Binary bash.exe can also be found in C:\Windows\WinSxS\amd64_microsoft-windows-lxssbash_[...]\bash.exe