Kali and WSL2

WSL for but it has not proved to be very useful. Most of this was due to limitations placed on certain system calls, especially those that revolve . Additional issues related to speed, particularly I/O were also problematic. Kali WSL was largely relegated after an assessment has been completed to report functions. It is a cool technology and a great engineering feat. However, the system was just not very useful in field.

We were thrilled to see , but we also wanted to know what it could mean for Kali WSL’s use. We were therefore excited to see WSL 2 in the and wanted to explore what changes had been made.

Conversion to WSL2

Once you’ve installed Windows Insider, it is easy to convert Kali WSL1 to Kali WSL2

We were pleasantly surprised to find that we didn’t need to do any extra work to support WSL2. Kali’s WSL distribution is fine and can be converted to your current installation. states that you can set WSL2 to your default, even if Kali is not installed.

This was an unexpected surprise and Kali will be ready to go for WSL 2 today.

Kali WSL2 Usage

Okay, WSL 2 does work with Kali. But is it really useful? It’s still too early for us to know how WSL 2 will work. We do have a few observations.

It seems that basic usage such as installing packages and updating Kali appears to be fine.

But, installing something isn’t enough. The real question is, does it actually work? Nmap was a tool that we needed to check immediately. This has been an issue with WSL since the beginning. The screenshot shows that a simple Nmap scan is possible right from the box. This is great news, and it’s very encouraging for WSL 2, as the program continues to develop.

This shouldn’t surprise you, however. WSL 2 is a very low overhead and optimized VM. For those who’ve been using WSL since a long time, this has led to some significant changes. This includes filesystem interaction, network, process spaces and networking. As WSL matures, this brings up some issues we’ll need to keep an eye on.

In the latest release, all networking seems to have been NATed.

Microsoft says:

The WSL 2 Preview’s initial builds will require you to connect to any Linux server via Windows with the IP address from your Linux distro. You can also access Windows servers from Linux from Windows by using the host address. It is temporary and is a problem that we are working hard to resolve.

Bridged mode is not recommended. Any Kali user who has used Kali on a VM will know that it is better to use Kali bridged mode and not NAT for actual assessment work. Reverse shells will not be possible with the current version of Kali without port forwarding from the Windows side. We don’t know yet how strong the NAT engine is. Although scans of WSL2 can now be performed, the results will not yet reveal how significant the NAT engine has an impact on them.

The process space in a VM is distinct.

It is quite interesting because it could allow Kali WSL 2 as an endpoint protection bypass. You could install Kali instances and use them to pivot instead of using the Windows 10 base operating system if you have code execution. It remains to be determined as the technology is still under development. Microsoft appears to desire to bring together Linux and Windows as seamlessly as possible. This is an intriguing item that you should be watching.

WSL 2’s Filesystem is now on a Virtual Disk.

A virtual disk is used to store the WSL 2 instance, similar to traditional VMs. One of the WSL problems that could arise in the past was that Kali tools might trigger anti-virus protections. You would need to exclude the Kali WSL location where the Kali files are stored on Windows.

It’s now in a virtual drive, similar to the process space isolation. We will see how AV handles it. AV currently ignores the virtual disk and it’s contents. However, WSL 2 will soon be widely available so it is possible that AV products can become WSL 2-aware. This is something that we need to keep an eye on.

All in all

WSL 2 as it is now, is an interesting technology that’s definitely worth your attention. It is still in beta, so there will be many changes over the years. We will monitor its progress and look for ways to improve WSL 2. It is already more efficient than WSL 1 in production usage. WSL 1 can still be used on WSL 2 systems, so WSL users have the option to choose what works best.