Using the Windows Subsystem for Linux


1. So what is WSL?


Simply put, it’s a kernel interface (lxcore & lxss) that allows 64-bit Linux binaries to run on a Windows 10 or Windows Server 2019 kernel.

All you need to do is add the userland (file system structure and programs) from an existing Linux distribution, such as Ubuntu, Kali, Debian or SUSE, and that Linux distribution will run natively on the Windows kernel!

You must access the Linux distribution via a Windows program that associates the userland of the Linux distribution to the WSL (e.g. for Kali Linux, this would be kali.exe), and you can install and use multiple Linux distribution userlands simultaneously with the WSL.

WSL was designed to support developers who have the need to create and test Linux software on Windows, without having to mess around with virtual machines running Linux. And because it’s a developer technology, Microsoft is actively changing it all the time.

If you are interested in learning more about its architecture in depth, visit https://blogs.msdn.microsoft.com/wsl/2016/04/22/windows-subsystem-for-linux-overview/. It’s a bit outdated (for example, replace bash.exe below with kali.exe for the Kali Linux userland), but it provides a great amount of depth.

[Image: WSL2]

2. How do I install WSL and a Linux userland on Win10?

Simply navigate to Settings, Update & Security and For developers. Next, enable Developer mode and reboot. Finally navigate to Apps and Features, Programs and Features, Turn Windows features on or off, and add the WSL feature. This process is illustrated in the following screenshots:

[Screenshots: WSL3, WSL4, WSL5, WSL6]

Next, you can navigate to the Windows Store and search for Linux. There are currently five different Linux distributions that you can install - each one is approximately a 200MB download (800MB - 1.2GB footprint following installation before software is added). Make sure you read the notes next to the distribution you install for important links and information. In the following screenshots, I chose to install the Kali Linux distribution.

[Screenshots: WSL7, WSL8, WSL9]

3. Completing the installation and using your Linux distribution:

Once the download has completed, you can start your Linux distribution for the first time using the appropriate command (or icon on the Start menu):

  • Ubuntu: ubuntu.exe
  • openSUSE Leap 42: opensuse-42.exe
  • SUSE Linux Enterprise Server 12: sles-12.exe
  • Debian: debian.exe
  • Kali: kali.exe

Since I installed Kali Linux, I ran kali.exe, and was prompted to specify a UNIX username and password, since it was my first time accessing the distribution:

[Screenshot: WSL10]

You can then proceed to give the root user a password (sudo passwd root), update your distribution, install software, and access Windows volumes like C:. Kali Linux also comes with a script you can download to install X.org (which can be accessed using Remote Desktop Connection on port 3390). Here are some relevant commands for Kali Linux:

  • su -
  • apt-get update
  • wget https://kali.sh/xfce4.sh && sh xfce4.sh
  • /etc/init.d/xrdp start (connect to localhost:3390 within Remote Desktop Connection)
  • apt install metasploit-framework
  • apt install ssh
  • apt install xbill
  • apt install apache2 (or whole LAMP stack, if you like)
  • apachectl start (connect to localhost:80 within a Windows Web browser)
  • ls /mnt/c

Some important paths to understand include:

  • C:\Users\name\AppData\Local\Microsoft\WindowsApps\KaliLinux.*\kali.exe (this is the actual executable for the Linux distribution)
  • C:\Users\name\AppData\Local\Packages\KaliLinux.*\ (this stores your Linux distribution userland, in this case Kali Linux)

You should add this folder as an exception within your AV software if it barks at you!

  • C:\Users\name\AppData\Local\Packages\KaliLinux.*\LocalState\rootfs

This allows you to access the root filesystem in your Linux distribution userland. It uses a special filesystem called VolFs. Copying to VolFs is flaky, but accessing C:\ from WSL (/mnt/c) is not flaky. This means that you must use symlinks to access Windows dev content (via /mnt/c).
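
The symlink approach described above, as an added example that is not part of the original article: a small shell helper, run inside the Linux distribution, that maps a Windows path to its /mnt location and links it into the Linux side without overwriting existing data. The function names and the MNT_ROOT variable are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not from the original article. Keep working files on the
# Windows volume and reach them from Linux through a symlink, instead of
# copying them into the rootfs folder from the Windows side.

# Where WSL mounts Windows drives (/mnt, as in "ls /mnt/c" above). It is a
# variable only so the helpers can be tried against a scratch directory.
MNT_ROOT="${MNT_ROOT:-/mnt}"

# Convert C:\Users\name\src (or C:/Users/name/src) to /mnt/c/Users/name/src.
win_to_wsl() {
    local win="$1" drive rest
    case "$win" in
        [A-Za-z]:|[A-Za-z]:\\*|[A-Za-z]:/*) ;;
        *) printf 'not a drive-letter path: %s\n' "$win" >&2; return 1 ;;
    esac
    drive=$(printf '%s' "${win%%:*}" | tr 'A-Z' 'a-z')
    rest=$(printf '%s' "${win#?:}" | tr '\\' '/')
    printf '%s/%s%s\n' "$MNT_ROOT" "$drive" "$rest"
}

# Link a Windows directory into the Linux side.
# Returns 1 = bad path, 2 = target missing, 3 = would overwrite real data.
link_windows_dir() {
    local target link="$2"
    target=$(win_to_wsl "$1") || return 1
    if [ ! -d "$target" ]; then
        printf 'missing on the Windows side: %s\n' "$target" >&2
        return 2
    fi
    # Only ever replace an existing symlink, never a real file or directory.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        printf 'refusing to replace non-symlink: %s\n' "$link" >&2
        return 3
    fi
    ln -sfn "$target" "$link"
}

# Example call (constructed path, "name" as in the article's paths):
#   link_windows_dir 'C:\Users\name\src' "$HOME/src"
```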

Since WSL is only a kernel interface, and not a real Linux kernel, any software that requires kernel modules or low-level access to Linux components, such as the IP stack, will produce an error if you try to execute it (unless Microsoft builds the equivalent functionality into WSL). This includes programs like nmap, Wireshark, and so on. Remember that WSL was designed for developers. However, it can easily be used to perform remote administration of other systems (ssh and python work very well), or even provide remote systems the ability to connect to Windows via sshd (openssh-server). Plus, it looks cool - look ma, I’m running Linux without virtual machines!