> For the complete documentation index, see [llms.txt](https://oscp.adot8.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oscp.adot8.com/windows-privilege-escalation/windows-subsystem-for-linux.md).

# Windows Subsystem for Linux

## Overview

**WSL** allows a user to run Linux on top on the Windows system making it a... subsystem. However, with this comes vulnerabilities like the ability to create a elevated bind shell, with root privileges, to the **Windows** machine on any port.

{% embed url="<https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---windows-subsystem-for-linux-wsl>" %}

## Escalation via WSL

```powerquery
where /R C:\Windows bash.exe
where /R C:\Windows wsl.exe
```

```
bash.exe
python -c 'import pty;pty.spawn("/bin/bash")';
```

{% hint style="info" %}
Check the history for easy wins
{% endhint %}
