# Doas Privilege Escalation

`doas` executes arbitrary commands as another user. It's similar to sudo command. doas.conf is interesting to privilege escalation.

### Investigation <a href="#investigation" id="investigation"></a>

First of all, search location of doas.conf.

```
find / -type f -name "doas.conf" 2>/dev/null
```

Next check the configuration.

```
doas -C /path/to/doas.conf
doas -C /etc/doas.conf
# or
cat /etc/doas.conf
```

Execute doas as below.

```
doas -u root <command> <arg>
```

Please also refer to [GTFOBins](https://gtfobins.github.io/) to PrivEsc.