Skip to content

Doas Privilege Escalation

doas executes arbitrary commands as another user. It's similar to sudo command. doas.conf is interesting to privilege escalation.

Investigation

First of all, search location of doas.conf.

find / -type f -name "doas.conf" 2>/dev/null

Next check the configuration.

doas -C /path/to/doas.conf
doas -C /etc/doas.conf
# or
cat /etc/doas.conf

Execute doas as below.

doas -u root <command> <arg>

Please also refer to GTFOBins to PrivEsc.