Exploit Notes

Doas Privilege Escalation

Last modified: 2023-03-07

Linux Privilege Escalation

doas executes arbitrary commands as another user. It's similar to sudo command. doas.conf is interesting to privilege escalation.


First of all, search location of doas.conf.

find / -type f -name "doas.conf" 2>/dev/null

Next check the configuration.

doas -C /path/to/doas.conf
doas -C /etc/doas.conf
# or
cat /etc/doas.conf

Execute doas as below.

doas -u root <command> <arg>

Please also refer to GTFOBins to PrivEsc.

Tools by HDKS


Automatic web fuzzer.


Auto reconnaissance CLI.

Hash Cracker

Hash identifier.