# container > Container escape and Kubernetes attacks. Use when user is inside a container and wants to escape to the host. - Author: Monopoly CW - Repository: veil-protocol/usf-7 - Version: 20260125012158 - Stars: 1 - Forks: 0 - Last Updated: 2026-02-06 - Source: https://github.com/veil-protocol/usf-7 - Web: https://mule.run/skillshub/@@veil-protocol/usf-7~container:20260125012158 --- --- name: container description: Container escape and Kubernetes attacks. Use when user is inside a container and wants to escape to the host. argument-hint: --- # Container Escape Escape from container: $ARGUMENTS ## Detection Check if in container: ``` mcp__omega-nexus__omega_post_exploit( session_id="$ARGUMENTS", commands=[ "cat /proc/1/cgroup", "ls -la /.dockerenv", "cat /run/secrets/kubernetes.io/serviceaccount/token | head -c 50", "capsh --print" ] ) ``` ## Escape Techniques - Docker socket mount - Privileged container nsenter - cgroup escape - Host PID namespace - CAP_SYS_ADMIN abuse - K8s service account abuse ## Execution ``` mcp__omega-nexus__omega_exploit( target="$ARGUMENTS", exploit_type="container_escape", options={ "techniques": ["docker_sock_mount", "privileged_nsenter", "cgroup_escape"] } ) ``` ## Output Report escape success and host access obtained.