Doas Privilege Escalation

Last modified: Tue Mar 07 2023 00:00:00 GMT+0000 (Coordinated Universal Time)

Linux Privilege Escalation

doas executes arbitrary commands as another user. It's similar to sudo command. doas.conf is interesting to privilege escalation.

Investigation

First of all, search location of doas.conf.

find / -type f -name "doas.conf" 2>/dev/null

Next check the configuration.

doas -C /path/to/doas.conf
doas -C /etc/doas.conf
# or
cat /etc/doas.conf

Execute doas as below.

doas -u root <command> <arg>

Please also refer to GTFOBins to PrivEsc.