Doas Privilege Escalation
Last modified: Tue Mar 07 2023 00:00:00 GMT+0000 (Coordinated Universal Time)
Linux
Privilege Escalation
doas executes arbitrary commands as another user. It's similar to sudo command. doas.conf is interesting to privilege escalation.
Investigation
First of all, search location of doas.conf.
find / -type f -name "doas.conf" 2>/dev/null
Next check the configuration.
doas -C /path/to/doas.conf
doas -C /etc/doas.conf
# or
cat /etc/doas.conf
Execute doas as below.
doas -u root <command> <arg>
Please also refer to GTFOBins to PrivEsc.