Add README.md
This commit is contained in:
@@ -0,0 +1,39 @@
|
||||
# WSL2 9P MitM PoC
|
||||
|
||||
Patches Windows file reads in-flight at the kernel level — the file on disk stays unchanged, but any process reading it through WSL2 gets tampered content.
|
||||
|
||||
## Requirements
|
||||
|
||||
- Windows 11 with WSL2
|
||||
- Ubuntu (or any WSL2 distro) with `sudo` access
|
||||
- `build-essential` installed in WSL2
|
||||
|
||||
Install build tools if needed:
|
||||
```bash
|
||||
sudo apt update && sudo apt install -y build-essential
|
||||
```
|
||||
|
||||
## Run
|
||||
|
||||
Open a WSL2 terminal, navigate to this folder, and run:
|
||||
|
||||
```bash
|
||||
sudo bash run.sh
|
||||
```
|
||||
|
||||
That's it. The script builds the kernel module, loads it, writes a test file to Windows, reads it back through WSL2, and confirms the patch worked.
|
||||
|
||||
## Expected output
|
||||
|
||||
```
|
||||
[+] main.ko built
|
||||
[*] real content:
|
||||
WSL2_9P_MITM_TARGET ← what's actually on disk
|
||||
[*] reading same file through WSL2 drvfs (9P):
|
||||
PWNED by NJL ← what WSL2 returns
|
||||
[CONFIRMED] in-flight 9P read patched — host file unchanged, WSL read tampered
|
||||
```
|
||||
|
||||
## How it works
|
||||
|
||||
WSL2 accesses `C:\` through a protocol called 9P over a virtual network socket. This kernel module hooks the 9P read function and replaces matching content before it reaches userspace — without touching the actual file.
|
||||
Reference in New Issue
Block a user