Posted on Leave a comment

Windows Subsystem for Linux (WSL) – how to create a Linux hacking toolkit that runs on Windows 10

image thumb 4 1

Windows 10/Ubuntu logos - YouTube

Forget running Kali in a virtual machine (well, at least put it aside for a while). The Windows 10 Anniversary Update includes a whack new feature – Windows Subsystem for Linux or WSL.  Using the new LxssManager service, WSL lets you run a full-featured Ubuntu Linux subsystem on Windows 10.  As Microsoft says,

“The LXSS Manager supports running native ELF binaries.”

Pick yourself up off the floor.  That means a cool little Linux console window and the ability to use APT to install all your favorite Linux hacking tools. The subsystem is kept separate from the Windows core OS which is a plus (however, you can still access your root Windows drive under /mnt).  Even better,  the home directory is maintained even when you uninstall/install the system so you can wipe the system and start anew without losing anything.

Heads up though, it’s marked “beta” and although it seems much cleaner than you’d expect from a beta product, there are some things that don’t work – ICMP and raw sockets for instance. This means one of your favorite hacking tools, nmap, won’t run correctly. I’ve heard however, that this has been given a high priority with MS developers so hopefully we see a fully-functioning, comprehensive networking system very soon.

How to install Windows Subsystem for Linux (WSL)

To get started with Windows Subsystem for Linux (WSL), first install the Windows feature (Control Panel – Programs and Features – Turn Windows features on or off).

Screenshot showing Windows 10 new Windows Subsystem for Linux (Beta) WSL

Next, reboot the computer to initialize and start the newly installed LxssManager service..

Then click Start and type “bash”. Within the console window, you will be prompted to accept a license agreement. Press “y”. The subsystem will download from the Windows Store (actually, it says it’s downloading from the Windows Store but it’s really coming off of MS cloud servers), extract, and install. Once the installation is complete, it will prompt you for a new Unix username and password.

Once the linux subsystem is installed, search for “bash” again and you’ll see the new Bash application with a nice little Ubuntu-like icon.  Pin it to your start menu or your task bar and right-click to set properties (e.g. font size, window size, colors, etc.)  Open a bash shell window or two and start installing your tools using apt.

Below is a bash shell script you can copy to your home directory, chmod to 700, and run to install a starting set of utilities.  Remember, if you save this in your home directory, it’ll be retained even when you reinstall the Linux subsystem.

Shell script to install basic hacking utilities in Windows Subsystem for Linux

Windows Subsystem for Linux (WSL) screenshotThis script will install some basic hacking utilities including w3af (including python), git, and katoolin (Kali linux repository utility), and the basics needed for a private VPN service and Metasploit.  Don’t forget to chmod 700 the script first.  Then run with sudo ./YOUR_SCRIPT_FILE.sh.

#!/bin/bash

sudo apt-get update

sudo apt-get upgrade

sudo apt-get dist-upgrade

sudo apt-get install nmap

sudo apt-get install netcat

sudo apt-get install aircrack-ng

sudo apt-get install dsniff

sudo apt-get install ettercap-text-only

sudo apt-get install w3af

sudo apt-get install kismet

sudo apt-get install scapy

sudo apt-get install john

sudo apt-get install unzip

sudo apt-get install nikto

sudo apt-get install tor

sudo apt-get install git

sudo git clone https://github.com/LionSec/katoolin.git

sudo cp katoolin/katoolin.py /usr/bin/katoolin

sudo chmod ugo+x /usr/bin/katoolin

sudo apt-get install network-manager-openvpn network-manager

sudo apt-get install build-essential libssl-dev libreadline-dev libpq5 libpq-dev libreadline5 libpcap-dev openjdk-7-jre git-core autoconf postgresql libsqlite3-dev pgadmin3 curl zlib1g-dev libxml2-dev curl zlib1g-dev libxslt1-dev vncviewer libyaml-dev

Katoolin is included in the above installation script.  To start katoolin, type “sudo kataoolin”.  Katoolin lets you install packages from the official Kali Linux repository.  As with nmap, not all packages will work in WSL.  In Katoolin, select 1 and press enter to update the repository.  Then select option 2 (view categories) to pick a category and install utilities from the selected category.

Other Linux utilities you may want to install

Here are a few more Linux applications you may wish to install.

Install all the C/C++ build utilities.

sudo apt install build-essential

Install curses for advanced console screen interaction (needed for some text-based games).

sudo apt install libncurses-dev

Grab all the python utilities including pip.

sudo apt install python-pip python-dev
sudo pip install --upgrade pip

Install a improved process monitor – htop.

sudo apt-get install htop

Change the bash color scheme

You can get rid of the mediocre Windows 10 bash color scheme by replacing the bashrc file.  Rename the old file.

cd /etc

sudo mv bash.bashrc bash.bashrc_bkp

Then create a new bashrc file in the /etc directory.

sudo vi bash.bashrc

And paste this code into it.

# /etc/bash.bashrc
#
# https://wiki.archlinux.org/index.php/Color_Bash_Prompt
#
# This file is sourced by all *interactive* bash shells on startup,
# including some apparently interactive shells such as scp and rcp
# that can't tolerate any output. So make sure this doesn't display
# anything or bad things will happen !

# Test for an interactive shell. There is no need to set anything
# past this point for scp and rcp, and it's important to refrain from
# outputting anything in those cases.

# If not running interactively, don't do anything!
[[ $- != *i* ]] && return

# Bash won't get SIGWINCH if another process is in the foreground.
# Enable checkwinsize so that bash will check the terminal size when
# it regains control.
# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11)
shopt -s checkwinsize

# Enable history appending instead of overwriting.
shopt -s histappend

case ${TERM} in
 xterm*|rxvt*|Eterm|aterm|kterm|gnome*)
 PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
 ;;
 screen)
 PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
 ;;
esac

# fortune is a simple program that displays a pseudorandom message
# from a database of quotations at logon and/or logout.
# If you wish to use it, please install "fortune-mod" from the
# official repositories, then uncomment the following line:

# [[ "$PS1" ]] && /usr/bin/fortune

# Set colorful PS1 only on colorful terminals.
# dircolors --print-database uses its own built-in database
# instead of using /etc/DIR_COLORS. Try to use the external file
# first to take advantage of user additions. Use internal bash
# globbing instead of external grep binary.

# sanitize TERM:
safe_term=${TERM//[^[:alnum:]]/?}
match_lhs=""

[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
[[ -z ${match_lhs} ]] \
 && type -P dircolors >/dev/null \
 && match_lhs=$(dircolors --print-database)

if [[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] ; then
 
 # we have colors :-)

# Enable colors for ls, etc. Prefer ~/.dir_colors
 if type -P dircolors >/dev/null ; then
 if [[ -f ~/.dir_colors ]] ; then
 eval $(dircolors -b ~/.dir_colors)
 elif [[ -f /etc/DIR_COLORS ]] ; then
 eval $(dircolors -b /etc/DIR_COLORS)
 fi
 fi

PS1="$(if [[ ${EUID} == 0 ]]; then echo '\[\033[01;31m\]\h'; else echo '\[\033[01;32m\]\u@\h'; fi)\[\033[01;34m\] \w \$([[ \$? != 0 ]] && echo \"\[\033[01;31m\]:(\[\033[01;34m\] \")\\$\[\033[00m\] "

# Use this other PS1 string if you want \W for root and \w for all other users:
 # PS1="$(if [[ ${EUID} == 0 ]]; then echo '\[\033[01;31m\]\h\[\033[01;34m\] \W'; else echo '\[\033[01;32m\]\u@\h\[\033[01;34m\] \w'; fi) \$([[ \$? != 0 ]] && echo \"\[\033[01;31m\]:(\[\033[01;34m\] \")\\$\[\033[00m\] "

alias ls="ls --color=auto"
 alias dir="dir --color=auto"
 alias grep="grep --color=auto"
 alias dmesg='dmesg --color'

# Uncomment the "Color" line in /etc/pacman.conf instead of uncommenting the following line...!

# alias pacman="pacman --color=auto"

else

# show root@ when we do not have colors

PS1="\u@\h \w \$([[ \$? != 0 ]] && echo \":( \")\$ "

# Use this other PS1 string if you want \W for root and \w for all other users:
 # PS1="\u@\h $(if [[ ${EUID} == 0 ]]; then echo '\W'; else echo '\w'; fi) \$([[ \$? != 0 ]] && echo \":( \")\$ "

fi

PS2="> "
PS3="> "
PS4="+ "

# Try to keep environment pollution down, EPA loves us.
unset safe_term match_lhs

# Try to enable the auto-completion (type: "pacman -S bash-completion" to install it).
[ -r /usr/share/bash-completion/bash_completion ] && . /usr/share/bash-completion/bash_completion

# Try to enable the "Command not found" hook ("pacman -S pkgfile" to install it).
# See also: https://wiki.archlinux.org/index.php/Bash#The_.22command_not_found.22_hook
[ -r /usr/share/doc/pkgfile/command-not-found.bash ] && . /usr/share/doc/pkgfile/command-not-found.bash

Exit the vi editor and write the file using:

:wq

Then in the /etc directory, create a file /etc/DIR_COLORS and paste in these contents:

# Configuration file for the color ls utility
# This file goes in the /etc directory, and must be world readable.
# You can copy this file to .dir_colors in your $HOME directory to override
# the system defaults.

# COLOR needs one of these arguments: 'tty' colorizes output to ttys, but not
# pipes. 'all' adds color characters to all output. 'none' shuts colorization
# off.
COLOR all

# Extra command line options for ls go here.
# Basically these ones are:
# -F = show '/' for dirs, '*' for executables, etc.
# -T 0 = don't trust tab spacing when formatting ls output.
OPTIONS -F -T 0

# Below, there should be one TERM entry for each termtype that is colorizable
TERM linux
TERM console
TERM con132x25
TERM con132x30
TERM con132x43
TERM con132x60
TERM con80x25
TERM con80x28
TERM con80x30
TERM con80x43
TERM con80x50
TERM con80x60
TERM xterm
TERM xterm-color
TERM vt100
TERM rxvt
TERM rxvt-256color
TERM rxvt-cygwin
TERM rxvt-cygwin-native
TERM rxvt-unicode
TERM rxvt-unicode-256color
TERM rxvt-unicode256
TERM screen

# EIGHTBIT, followed by '1' for on, '0' for off. (8-bit output)
EIGHTBIT 1

# Below are the color init strings for the basic file types. A color init
# string consists of one or more of the following numeric codes:
# Attribute codes: 
# 00=none 01=bold 04=underscore 05=blink 07=reverse 08=concealed
# Text color codes:
# 30=black 31=red 32=green 33=yellow 34=blue 35=magenta 36=cyan 37=white
# Background color codes:
# 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white
NORMAL 00 # global default, although everything should be something.
FILE 00 # normal file
DIR 01;34 # directory
LINK 01;36 # symbolic link
FIFO 40;33 # pipe
SOCK 01;35 # socket
BLK 40;33;01 # block device driver
CHR 40;33;01 # character device driver

# This is for files with execute permission:
EXEC 01;32

# List any file extensions like '.gz' or '.tar' that you would like ls
# to colorize below. Put the extension, a space, and the color init string.
# (and any comments you want to add after a '#')
.cmd 01;32 # executables (bright green)
.exe 01;32
.com 01;32
.btm 01;32
.bat 01;32
.tar 01;31 # archives or compressed (bright red)
.tgz 01;31
.arj 01;31
.taz 01;31
.lzh 01;31
.zip 01;31
.z 01;31
.Z 01;31
.gz 01;31
.jpg 01;35 # image formats
.gif 01;35
.bmp 01;35
.xbm 01;35
.xpm 01;35
.tif 01;35

Resetting Windows Subsystem for Linux (WSL) via the lxrun command

If you jack up WSL, it’s easy to recover by simply removing and reinstalling.  To uninstall, open a command window (Windows Command window, not base) and use:

Lxrun /uninstall

This option will leave your home directory untouched.  Then use this command to reinstall the system:

Lxrun /install

Your home directory will be left untouched which means you can run your toolkit installation script above to reinstall your hacking toolkit.

Sources: Microsoft
Leave a Reply

Your email address will not be published. Required fields are marked *