Page cover image

Doas Privilege Escalation

doas executes arbitrary commands as another user. It's similar to sudo command. doas.conf is interesting to privilege escalation.

First of all, search location of doas.conf.

find / -type f -name "doas.conf" 2>/dev/null
Copied!

Next check the configuration.

doas -C /path/to/doas.conf
doas -C /etc/doas.conf
# or
cat /etc/doas.conf
Copied!

Execute doas as below.

doas -u root <command> <arg>
Copied!

Please also refer to GTFOBins to PrivEsc.

Last updated