Doas Privilege Escalation
doas executes arbitrary commands as another user. It's similar to the sudo command. Its configuration file, doas.conf, is the interesting part for privilege escalation.
First of all, search for the location of doas.conf.
find / -type f -name "doas.conf" 2>/dev/null
Next, check the configuration.
doas -C /path/to/doas.conf
doas -C /etc/doas.conf
# or
cat /etc/doas.conf
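To review the same file from the defender's side, this added example (not from the original page) flags permit rules that grant more than intended: no cmd restriction, a cmd without an args clause, nopass, persist, or keepenv. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample doas.conf used as input for the demonstration.
sample_doas_conf() {
    cat <<'EOF'
# constructed sample
permit persist :wheel
permit nopass alice as root cmd /usr/bin/vim
permit setenv { PATH=/usr/bin } bob as root cmd /sbin/reboot args
deny carol
permit nopass keepenv dave as root
EOF
}

# audit_doas_conf FILE: print one line per permit rule that is broader than a
# fully pinned "cmd ... args" rule with password authentication.
audit_doas_conf() {
    awk '
    {
        sub(/#.*/, "")                 # drop comments (simplification: ignores quoting)
        if ($1 != "permit") next       # deny rules and blank lines grant nothing
        nopass = keepenv = persist = 0
        for (i = 2; i <= NF; i++) {    # options come before the identity
            if ($i == "nopass") nopass = 1
            else if ($i == "keepenv") keepenv = 1
            else if ($i == "persist") persist = 1
            else if ($i == "setenv") { while (i < NF && substr($i, length($i)) != "}") i++ }
            else if ($i != "nolog") break
        }
        identity = $i
        target = "any user"; cmd = ""; args = 0   # omitted "as" means every target
        for (i++; i <= NF; i++) {
            if ($i == "as") target = $(++i)
            else if ($i == "cmd") cmd = $(++i)
            else if ($i == "args") { args = 1; break }
        }
        f = ""
        if (cmd == "") f = f "; any command"
        else if (!args) f = f "; " cmd " with any arguments"
        if (nopass) f = f "; no password"
        if (persist) f = f "; cached authentication"
        if (keepenv) f = f "; caller environment kept"
        if (f != "") printf "line %d: %s as %s%s\n", NR, identity, target, f
    }' "$1"
}

# Demonstration run against the constructed sample.
conf=$(mktemp) && sample_doas_conf > "$conf" && audit_doas_conf "$conf"; rm -f "$conf"
```

Rules that print nothing, such as the `bob` rule in the sample, are pinned to one command with a fixed argument list and still require a password.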
Execute doas as below.
doas -u root <command> <arg>
Please also refer to GTFOBins for privilege escalation.