Abusing Bash for Windows

Explore the vulnerabilities and potential exploits of Bash for Windows in this 18-minute conference talk from Hack.lu 2018. Dive into the installation process, key differences from traditional Bash, and its relationship with Cygwin. Learn how to establish remote shells, add packages, and deploy ELF Meterpreter shells. Discover techniques for hiding remote shells, extracting passwords and hashes, and bypassing Applocker restrictions. Gain insights into forensic analysis and understand the prerequisites for exploiting Bash on Windows. Enhance your cybersecurity knowledge with practical demonstrations of backdoor creation, privilege escalation, and domain password retrieval.

Introduction
Backdoor Bash on Windows
Bash on Windows - Previous research
Bash on Windows - Installation
Bash on Windows - Main difference
Bash on Windows - Where is Cygwin?
Bash on Windows - From Windows
Bash on Windows - Fun facts
Prerequisites
Remote shell - Having a Remote Shell
Remote shell - Add a package
Remote shell - Having a ELF Meterpreter Shell
Remote shell - Hide a Remote Shell
Get passwords and hashes
Get Domain Hash
On the attacker
Get Bash sudo password
On the victim (alternative)
Get Domain Password
Ask for local admin privileges
Bypass Applocker - Run a script
Bypass Applocker - Run a binary
Forensic