Introduction

So with the release of Windows 20.04 over the last week, we’ve finally got the opportunity to use WSL2 without being subscribed to Windows Insider. After upgrading and getting WSL2 set up, I started thinking about how I could use this as part of my standard pentesting workflow.

One good practice for pentesting is to create a clean environment for every test you do, to avoid data from one test getting picked up in another and to keep your tooling versions clean. Tools like Ansible are very handy for the packaging piece (I’ve got some playbooks for adding container security tooling to an Ubuntu setup on GitHub), but that still leaves the creation of the base install. Another challenge can be integrating your pentest environment with your main system.

With these challenges in mind it seemed like WSL2 could make things easier by providing lightweight virtualized environments with good integration with a Windows host. What we’ll need however is a way to create “template” WSL2 instances. By default with WSL and WSL2 you install distributions from the Windows store, but that doesn’t quite fit our use case as what I’m looking to do here is create a new one per test.

Luckily WSL2 is pretty flexible and we can work round this easily. The steps below are based on the process in this blog. From that we can see that it’s possible to import and export root filesystems to create WSL distributions (kind of the same way you can use --export and --import in Docker).

Creating a Custom Distribution

The first thing we’ll need is a root filesystem. Luckily Ubuntu make their WSL root filesystem available for download here. For this walkthrough I’ve created a directory on my Windows C: drive called “WSL”. We’ll place the rootfs files in c:\WSL\wslrootfs and the distros in c:\WSL\wsldistros\

  • Download the file above to the wslrootfs directory.
  • Run wsl.exe --import baseubu C:\wsl\wsldistros\baseubu\ C:\wsl\wslrootfs\ubuntu-20.04-server-cloudimg-amd64-wsl.rootfs.tar.gz

In this command, baseubu is just the name you want to assign to the distribution (for example, the name of a specific project), c:\wsl\wsldistros\baseubu\ is the directory on your machine where you want to place the virtual disk file for the distribution, and the last argument is the rootfs file we downloaded.

At this point you have a clean install of Ubuntu 20.04 to use. You can then easily access each distribution you have available with Windows Terminal, which places them all on a tab drop-down for easy access.

Adding Docker into our distribution

If you’ve got Docker for Windows installed, you can also easily integrate it into this environment, so you can get all your favourite container based goodies working. To do this, go into Docker’s settings, then go to Resources -> WSL Integration. You’ll see a list of your distributions, including the one you’ve just imported. Flick the slider next to it to “on”, then click “apply and restart”, and all your docker commands should work just fine the next time you start a session with that distro.

Visual Studio Code Integration

Another nice Add-On that WSL2 brings is integration with Visual Studio Code. This means that the filesystem that VS Code sees is your WSL2 distro and you can open a terminal inside VS Code that works inside the distro too. For this just install the “Remote - WSL” plugin, then you can use the “Remote Explorer” button on the left hand side of the VS Code Window, to open a directory inside WSL.

You can also get other VS Code plugins working inside the WSL environment, so things like the Docker and Kubernetes plugins can be installed and will work from that perspective too.

Host Filesystem Integration

In common with WSL1 the host’s filesystem is visible inside the distro. It’ll be mounted at /mnt/c/ so you can easily copy files into and out of the environment.

Customizing our Distribution for Container Work

Once we’re up and running we can customize our environment for the test type we’re using. I’m using some ansible playbooks for this from this repo.

  • Install Ansible first. If you’re using Ubuntu 20.04 you can just run apt update && apt install -y ansible to get that working.
  • Then run the playbook with ansible-playbook wsl_container_workstation.yml and it sets up the necessary tooling.

Using our WSL distro as a template

Now that we’ve got the tooling we want installed, if we don’t want to re-run the ansible playbook for every test, we can export the rootfs for later use.

wsl --export baseubu c:\wsl\wslrootfs\containersec

Then we can create new instances based off this by importing the containersec file we just created

wsl --import test1 c:\wsl\wsldistros\test1\ c:\wsl\wslrootfs\containersec

and when we start it up, all our tools are in place :)

Cleaning up

Once you’re finished with it, it can just be removed with wsl.exe --unregister <Name>. This will delete the virtual disk file and leave everything nice and clean.
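The template, per-test import and clean-up steps above can be wrapped in a small PowerShell script so that every test starts from the same exported rootfs and nothing is left behind afterwards. This is an added example, not part of the original post; the paths follow the walkthrough, and the function names (Get-WslDistroName, New-TestDistro, Remove-TestDistro) are hypothetical.

```powershell
# Added example: per-test WSL2 instances created from the exported template.
# Paths follow the walkthrough; the function names are hypothetical.
$Template  = 'C:\wsl\wslrootfs\containersec'
$DistroDir = 'C:\wsl\wsldistros'

function Get-WslDistroName {
    # wsl.exe writes UTF-16; strip the NUL characters left in the captured text.
    (wsl.exe --list --quiet) |
        ForEach-Object { ($_ -replace "`0", '').Trim() } |
        Where-Object { $_ }
}

function New-TestDistro {
    param([Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9_-]+$')][string]$Name)

    if (-not (Test-Path -LiteralPath $Template -PathType Leaf)) {
        throw "Template not found: $Template"
    }
    if ((Get-WslDistroName) -contains $Name) {
        throw "A distribution named '$Name' is already registered"
    }
    $target = Join-Path $DistroDir $Name
    if (Test-Path -LiteralPath $target) {
        throw "Directory $target already exists; refusing to reuse an old disk location"
    }
    New-Item -ItemType Directory -Path $target | Out-Null

    wsl.exe --import $Name $target $Template --version 2
    if ($LASTEXITCODE -ne 0) { throw "wsl --import failed with exit code $LASTEXITCODE" }
    Write-Host "Created $Name. Start it with: wsl.exe -d $Name"
}

function Remove-TestDistro {
    param([Parameter(Mandatory)][string]$Name)

    # Keep the distro the template was exported from out of reach of clean-up.
    if ($Name -eq 'baseubu') { throw 'Refusing to unregister the template source distro' }
    if ((Get-WslDistroName) -notcontains $Name) { throw "No distribution named '$Name'" }

    wsl.exe --unregister $Name
    if ($LASTEXITCODE -ne 0) { throw "wsl --unregister failed with exit code $LASTEXITCODE" }
    # --unregister deletes the virtual disk; remove the now-empty directory as well.
    Remove-Item -LiteralPath (Join-Path $DistroDir $Name) -Recurse -Force -ErrorAction SilentlyContinue
}

# Usage:
#   New-TestDistro -Name 'test1'
#   Remove-TestDistro -Name 'test1'
```

Refusing to reuse an existing name or directory is what keeps data from one test out of the next, and the check on the wsl.exe exit code stops the script from reporting a clean environment when the import or unregister did not actually happen.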

Conclusion

Overall I think that WSL2 along with Windows Terminal, Visual Studio Code, and Docker for Windows, can provide a very nice Linux based environment inside a host Windows OS. So for environments where you can’t, or don’t want to, run Linux as your base OS, it becomes fairly easy to set-up your tooling the way you want it to work.


raesene
