WSL

The tweet that started it all: https://x.com/Warlockobama/status/1067890915753132032?mx=2

Look inside the distribution's rootfs directory. The full path usually looks like this:

C:\Users\%USERNAME%\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\rootfs\

Usually it's somewhere there. If it's not, look in this folder for anything that starts with CanonicalGroupLimited:

C:\Users\%USERNAME%\AppData\Local\Packages

Now, because we are root in WSL, all we need to do is look for credentials, i.e. go password hunting, which I did in the .bash_history.

Another alternative is getting a Python shell inside of it.

With root privileges, Windows Subsystem for Linux (WSL) allows users to create a bind shell on any port (no elevation needed). Don't know the root password? No problem: just set the default user to root with the distribution launcher (.exe) and --default-user root. Now start your bind or reverse shell.

wsl whoami
./ubuntu1604.exe config --default-user root
wsl whoami
wsl python -c 'BIND_OR_REVERSE_SHELL_PYTHON_CODE'

The bash.exe binary can also be found in C:\Windows\WinSxS\amd64_microsoft-windows-lxssbash_[...]\bash.exe
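Seen from the detection side, the steps above leave recognizable process-creation records. The following Python sketch is an added example, not part of the original page: it matches those command lines and image paths in constructed records. The rule names, the sample records, and the `detect` and `root_then_exec` helpers are assumptions made for illustration.

```python
import re

# Constructed (image path, command line) records, shaped like process-creation
# telemetry (e.g. Sysmon Event ID 1). Paths and user names are made up; the
# WinSxS directory suffix is a placeholder because the page elides it.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\wsl.exe", "wsl whoami"),
    (r"C:\Users\alice\AppData\Local\Microsoft\WindowsApps\ubuntu1604.exe",
     "ubuntu1604.exe config --default-user root"),
    (r"C:\Windows\System32\wsl.exe",
     "wsl python -c 'import os; print(os.getuid())'"),
    (r"C:\Windows\WinSxS\amd64_microsoft-windows-lxssbash_PLACEHOLDER\bash.exe",
     "bash.exe"),
    (r"C:\Windows\System32\wsl.exe", "wsl ls -la /home"),
]

# (rule name, field to inspect, pattern). Hypothetical rule names.
RULES = [
    # A distro launcher switching the default WSL user to root.
    ("wsl-default-user-root", "cmdline",
     re.compile(r'\.exe"?\s+config\s+--default-user\s+root(?:\s|$)', re.I)),
    # wsl/bash handing an inline script to an interpreter via -c.
    ("wsl-inline-interpreter", "cmdline",
     re.compile(r'(?:^|[\\/\s"])(?:wsl|bash)(?:\.exe)?"?\s+(?:.*\s)?'
                r'(?:python[\d.]*|perl|ruby)\s+-c(?:\s|$)', re.I)),
    # bash.exe executed from the WinSxS component store instead of System32.
    ("bash-from-winsxs", "image",
     re.compile(r'\\WinSxS\\[^\\]*lxssbash[^\\]*\\bash\.exe$', re.I)),
]

def detect(events):
    """Return (event index, rule name) for every rule that matches."""
    hits = []
    for idx, (image, cmdline) in enumerate(events):
        fields = {"image": image, "cmdline": cmdline}
        for name, field, pattern in RULES:
            if pattern.search(fields[field]):
                hits.append((idx, name))
    return hits

def root_then_exec(hits):
    """True when a default-user change to root precedes an inline interpreter run."""
    root_idx = [i for i, n in hits if n == "wsl-default-user-root"]
    exec_idx = [i for i, n in hits if n == "wsl-inline-interpreter"]
    return bool(root_idx and exec_idx and min(root_idx) < max(exec_idx))

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for idx, rule in found:
        print(f"event {idx}: {rule}: {SAMPLE_EVENTS[idx][1]}")
    print("root change followed by inline interpreter:", root_then_exec(found))
```

The ordered pair (default user set to root, then an interpreter invoked with `-c`) is the higher-confidence signal; each rule on its own can fire on legitimate developer activity.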
