Doas Privilege Escalation
Last modified: 2023-03-07
doas executes arbitrary commands as another user. It's similar to sudo command. doas.conf is interesting to privilege escalation.
Investigation
First of all, search location of doas.conf.
find / -type f -name "doas.conf" 2>/dev/null
Next check the configuration.
doas -C /path/to/doas.conf
doas -C /etc/doas.conf
# or
cat /etc/doas.conf
Execute doas as below.
doas -u root <command> <arg>
Please also refer to GTFOBins to PrivEsc.