Skip to content
exp-docs

extensioninstallallowlist-opener

-e ExtensionInstallAllowlist Opener

Requirements: -> Brain -> Chromebook -> Be able to have HTML files that can run JS code, otherwise see step 3 -> chrome://policy not blocked by policy

Steps:

  1. Download this HTML file: https://rentry.co/8qip49zw.
  2. Open it.
  3. If you can’t open HTML files, then use this data uri: data:text/html;base64,PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ImVuIj4KPGhlYWQ+CiAgICA8bWV0YSBjaGFyc2V0PSJVVEYtOCI+CiAgICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CiAgICA8dGl0bGU+RXh0ZW5zaW9uSW5zdGFsbEFsbG93bGlzdCBPcGVuZXI8L3RpdGxlPgogICAgPHN0eWxlPgogICAgICAgIGJvZHkgewogICAgICAgICAgICBmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7CiAgICAgICAgICAgIHRleHQtYWxpZ246IGNlbnRlcjsKICAgICAgICAgICAgbWFyZ2luOiAyMHB4OwogICAgICAgICAgICBsaW5lLWhlaWdodDogMS42OwogICAgICAgIH0KICAgICAgICB0ZXh0YXJlYSB7CiAgICAgICAgICAgIHdpZHRoOiAxMDAlOwogICAgICAgICAgICBoZWlnaHQ6IDE1MHB4OwogICAgICAgICAgICBtYXJnaW4tYm90dG9tOiAxMHB4OwogICAgICAgICAgICBib3JkZXItcmFkaXVzOiA1cHg7CiAgICAgICAgICAgIHJlc2l6ZTogbm9uZTsKICAgICAgICB9CiAgICAgICAgYnV0dG9uIHsKICAgICAgICAgICAgcGFkZGluZzogMTBweCAyMHB4OwogICAgICAgICAgICBmb250LXNpemU6IDE2cHg7CiAgICAgICAgICAgIGN1cnNvcjogcG9pbnRlcjsKICAgICAgICB9CiAgICAgICAgI2Vycm9yIHsKICAgICAgICAgICAgY29sb3I6ICNmZjc1N2U7CiAgICAgICAgICAgIG1hcmdpbi10b3A6IDEwcHg7CiAgICAgICAgfQogICAgICAgICNvdXRwdXRMb2cgewogICAgICAgICAgICB0ZXh0LWFsaWduOiBsZWZ0OwogICAgICAgICAgICBtYXJnaW4tdG9wOiAyMHB4OwogICAgICAgICAgICBwYWRkaW5nOiAxMHB4OwogICAgICAgICAgICBib3JkZXI6IDFweCBzb2xpZCAjY2NjOwogICAgICAgICAgICBtYXgtaGVpZ2h0OiAzMDBweDsKICAgICAgICAgICAgb3ZlcmZsb3cteTogYXV0bzsKICAgICAgICAgICAgYm9yZGVyLXJhZGl1czogNXB4OwogICAgICAgIH0KICAgICAgICAubG9nRW50cnkgewogICAgICAgICAgICBkaXNwbGF5OiBmbGV4OwogICAgICAgICAgICBhbGlnbi1pdGVtczogY2VudGVyOwogICAgICAgICAgICBtYXJnaW4tYm90dG9tOiA1cHg7CiAgICAgICAgfQogICAgICAgIC50aW1lc3RhbXAgewogICAgICAgICAgICBjb2xvcjogZ3JheTsKICAgICAgICAgICAgZm9udC1zaXplOiAwLjhlbTsKICAgICAgICAgICAgdXNlci1zZWxlY3Q6IG5vbmU7IC8qIFByZXZlbnQgdGV4dCBzZWxlY3Rpb24gKi8KICAgICAgICAgICAgbWFyZ2luLXJpZ2h0OiAxMHB4OyAvKiBTcGFjZSBiZXR3ZWVuIHRpbWVzdGFtcCBhbmQgbGluayAqLwogICAgICAgIH0KICAgICAgICAqIHsKICAgICAgICAgICAgYmFja2dyb3VuZC1jb2xvcjogYmxhY2s7CiAgICAgICAgICAgIGNvbG9yOiByZ2IoMTk2LCAxOTYsIDE5Nik7CiAgICAgICAgICAgIGZvbnQtZmFtaWx5OiBtb25vc3BhY2U7CiAgICAgICAgfQogICAgICAgIGlucHV0LGJ1dHRvbiB7CiAgICAgICAgICAgIGJhY2tncm91bmQtY29sb3I6ICMxMzEzMTM7CiAgICAgICAgICAgIGJvcmRlcjogIzBhMGEwYTsKICAgICAgICAgICAgYm9yZGVyLXdpZHRoOiAzcHg7CiAgICAgICAgICAgIGJvcmRlci1yYWRpdXM6IDNweDsKICAgICAgICAgICAgYm9yZGVyLXN0eWxlOiBzb2xpZDsKICAgICAgICAgICAgbWFyZ2luOiAxLjRweDsKICAgICAgICAgICAgY3Vyc29yOiBwb2ludGVyOwogICAgICAgIH0KICAgICAgICAubGluay10ZXh0IHsKICAgICAgICAgICAgY29sb3I6ICMxOWZmYzI7CiAgICAgICAgICAgIHRleHQtZGVjb3JhdGlvbi1zdHlsZTogd2F2eTsKICAgICAgICB9CiAgICA8L3N0eWxlPgo8L2hlYWQ+Cjxib2R5PgogICAgPGgxPjxjb2RlIHN0eWxlPSJjb2xvcjojOGMxOWZmOyI+RXh0ZW5zaW9uSW5zdGFsbEFsbG93bGlzdDwvY29kZT4gT3BlbmVyPC9oMT4KICAgIDxwPlR5cGUgaW4gPGEgaHJlZj0iY2hyb21lOi8vcG9saWN5IiB0YXJnZXQ9Il9ibGFuayIgY2xhc3M9ImxpbmstdGV4dCI+Y2hyb21lOi8vcG9saWN5PC9hPiBpbiB0aGUgVVJMIGJhci48YnI+IFRoZW4gc2VhcmNoIDxjb2RlIHN0eWxlPSJjb2xvcjojOGMxOWZmIj5FeHRlbnNpb25JbnN0YWxsQWxsb3dsaXN0PC9jb2RlPiwgYW5kIHRoZW4gY2xpY2sgPGNvZGUgc3R5bGU9ImNvbG9yOiM2YmJhZmYiPlNob3cgTW9yZTwvY29kZT4uIENvcHkgZXZlcnl0aGluZyBhbmQgcGFzdGUgaXQgaW4gaGVyZS48L3A+CiAgICA8dGV4dGFyZWEgaWQ9Impzb25JbnB1dCI+PC90ZXh0YXJlYT4KICAgIDxicj4KICAgIDxidXR0b24gb25jbGljaz0iZ2VuZXJhdGVMaW5rcygpIj5HZW5lcmF0ZSBMaW5rczwvYnV0dG9uPgogICAgPGJ1dHRvbiBpZD0ib3BlbkxpbmtzQnRuIiBvbmNsaWNrPSJvcGVuTGlua3MoKSIgZGlzYWJsZWQ+T3BlbiBBbGwgTGlua3M8L2J1dHRvbj4KICAgIDxkaXYgaWQ9ImVycm9yIj48L2Rpdj4KICAgIDxkaXYgaWQ9Im91dHB1dExvZyI+PC9kaXY+CgogICAgPHNjcmlwdD4KICAgICAgICBsZXQgZXh0ZW5zaW9uTGlua3MgPSBbXTsKCiAgICAgICAgZnVuY3Rpb24gZm9ybWF0VGltZShkYXRlKSB7CiAgICAgICAgICAgIGNvbnN0IGhvdXJzID0gU3RyaW5nKGRhdGUuZ2V0SG91cnMoKSkucGFkU3RhcnQoMiwgJzAnKTsKICAgICAgICAgICAgY29uc3QgbWludXRlcyA9IFN0cmluZyhkYXRlLmdldE1pbnV0ZXMoKSkucGFkU3RhcnQoMiwgJzAnKTsKICAgICAgICAgICAgY29uc3Qgc2Vjb25kcyA9IFN0cmluZyhkYXRlLmdldFNlY29uZHMoKSkucGFkU3RhcnQoMiwgJzAnKTsKICAgICAgICAgICAgY29uc3QgbWlsbGlzZWNvbmRzID0gU3RyaW5nKGRhdGUuZ2V0TWlsbGlzZWNvbmRzKCkpLnBhZFN0YXJ0KDMsICcwJyk7CiAgICAgICAgICAgIHJldHVybiBgJHtob3Vyc306JHttaW51dGVzfToke3NlY29uZHN9OiR7bWlsbGlzZWNvbmRzfWA7CiAgICAgICAgfQoKICAgICAgICBmdW5jdGlvbiBnZW5lcmF0ZUxpbmtzKCkgewogICAgICAgICAgICBjb25zdCBqc29uSW5wdXQgPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnanNvbklucHV0JykudmFsdWU7CiAgICAgICAgICAgIGNvbnN0IGVycm9yRGl2ID0gZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2Vycm9yJyk7CiAgICAgICAgICAgIGNvbnN0IG91dHB1dExvZyA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdvdXRwdXRMb2cnKTsKICAgICAgICAgICAgY29uc3Qgb3BlbkxpbmtzQnRuID0gZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ29wZW5MaW5rc0J0bicpOwogICAgICAgICAgICBlcnJvckRpdi50ZXh0Q29udGVudCA9ICcnOwogICAgICAgICAgICBvdXRwdXRMb2cuaW5uZXJIVE1MID0gJyc7IC8vIENsZWFyIHByZXZpb3VzIG91dHB1dAoKICAgICAgICAgICAgZXh0ZW5zaW9uTGlua3MgPSBbXTsgLy8gUmVzZXQgdGhlIGxpbmtzIGFycmF5CgogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgY29uc3QgZXh0ZW5zaW9uSWRzID0gSlNPTi5wYXJzZShqc29uSW5wdXQpOwoKICAgICAgICAgICAgICAgIGlmICghQXJyYXkuaXNBcnJheShleHRlbnNpb25JZHMpKSB7CiAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IEVycm9yKCdNYWtlIHN1cmUgeW91IHBhc3RlZCB0aGUgRU5USVJFIEpTT04gYXJyYXkgb2YgdGhlIEV4dGVuc2lvbkluc3RhbGxBbGxvd2xpc3QnKTsKICAgICAgICAgICAgICAgIH0KCiAgICAgICAgICAgICAgICBjb25zdCB0aW1lc3RhbXAgPSBmb3JtYXRUaW1lKG5ldyBEYXRlKCkpOwoKICAgICAgICAgICAgICAgIC8vIEdlbmVyYXRlIGFuZCBkaXNwbGF5IGxpbmtzIHdpdGggdGltZXN0YW1wCiAgICAgICAgICAgICAgICBleHRlbnNpb25JZHMuZm9yRWFjaCgoaWQpID0+IHsKICAgICAgICAgICAgICAgICAgICBpZiAodHlwZW9mIGlkID09PSAnc3RyaW5nJyAmJiBpZC50cmltKCkpIHsKICAgICAgICAgICAgICAgICAgICAgICAgY29uc3QgdXJsID0gYGh0dHBzOi8vY2hyb21ld2Vic3RvcmUuZ29vZ2xlLmNvbS9kZXRhaWwvJHtpZC50cmltKCl9YDsKICAgICAgICAgICAgICAgICAgICAgICAgZXh0ZW5zaW9uTGlua3MucHVzaCh1cmwpOwoKICAgICAgICAgICAgICAgICAgICAgICAgLy8gQXBwZW5kIGxpbmsgdG8gb3V0cHV0IGxvZwogICAgICAgICAgICAgICAgICAgICAgICBjb25zdCBsb2dFbnRyeSA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2RpdicpOwogICAgICAgICAgICAgICAgICAgICAgICBsb2dFbnRyeS5jbGFzc05hbWUgPSAnbG9nRW50cnknOwoKICAgICAgICAgICAgICAgICAgICAgICAgY29uc3QgdGltZXN0YW1wRWxlbWVudCA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ3NwYW4nKTsKICAgICAgICAgICAgICAgICAgICAgICAgdGltZXN0YW1wRWxlbWVudC5jbGFzc05hbWUgPSAndGltZXN0YW1wJzsKICAgICAgICAgICAgICAgICAgICAgICAgdGltZXN0YW1wRWxlbWVudC50ZXh0Q29udGVudCA9IGAoJHt0aW1lc3RhbXB9KWA7CgogICAgICAgICAgICAgICAgICAgICAgICBjb25zdCBsaW5rRWxlbWVudCA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2EnKTsKICAgICAgICAgICAgICAgICAgICAgICAgbGlua0VsZW1lbnQuaHJlZiA9IHVybDsKICAgICAgICAgICAgICAgICAgICAgICAgbGlua0VsZW1lbnQudGFyZ2V0ID0gJ19ibGFuayc7CiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtFbGVtZW50LnJlbCA9ICdub29wZW5lciBub3JlZmVycmVyJzsKICAgICAgICAgICAgICAgICAgICAgICAgbGlua0VsZW1lbnQudGV4dENvbnRlbnQgPSB1cmw7CgogICAgICAgICAgICAgICAgICAgICAgICBsb2dFbnRyeS5hcHBlbmRDaGlsZCh0aW1lc3RhbXBFbGVtZW50KTsKICAgICAgICAgICAgICAgICAgICAgICAgbG9nRW50cnkuYXBwZW5kQ2hpbGQobGlua0VsZW1lbnQpOwoKICAgICAgICAgICAgICAgICAgICAgICAgb3V0cHV0TG9nLmFwcGVuZENoaWxkKGxvZ0VudHJ5KTsKICAgICAgICAgICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgICAgICAgICBjb25zb2xlLndhcm4oYEludmFsaWQgZXh0ZW5zaW9uIElEOiAke2lkfWApOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIH0pOwoKICAgICAgICAgICAgICAgIC8vIEVuYWJsZSB0aGUgYnV0dG9uIHRvIG9wZW4gYWxsIGxpbmtzCiAgICAgICAgICAgICAgICBvcGVuTGlua3NCdG4uZGlzYWJsZWQgPSBmYWxzZTsKCiAgICAgICAgICAgIH0gY2F0Y2ggKGUpIHsKICAgICAgICAgICAgICAgIGVycm9yRGl2LnRleHRDb250ZW50ID0gYEVycm9yOiAke2UubWVzc2FnZX1gOwogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBmdW5jdGlvbiBvcGVuTGlua3MoKSB7CiAgICAgICAgICAgIGV4dGVuc2lvbkxpbmtzLmZvckVhY2goKHVybCkgPT4gewogICAgICAgICAgICAgICAgd2luZG93Lm9wZW4odXJsLCAnX2JsYW5rJywgJ25vb3BlbmVyLG5vcmVmZXJyZXInKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgfQogICAgPC9zY3JpcHQ+CjwvYm9keT4KPC9odG1sPg== (paste that text in the url bar and press enter)
  4. Go to chrome://policy.
  5. Search ExtensionInstallAllowlist.
  6. Find the row where it says ExtensionInstallAllowlist and then click on the blue “Show more” button.
  7. Copy the stuff under Value (everything including the brackets).
  8. Go back to the HTML file.
  9. Paste it in.
  10. Click Generate Links.
  11. Click Open All Links [Warning: It will open a bunch of tabs, be prepared for lag] or just click on each individual link that is generated and logged.

How this could be used: -> After opening all your extensions, you can check if it has the GREEN featured tag (between the original website and the stars (or to the left of the stars)) on the Chrome web store, which means it’s mv3 (not tr3nch compatible)

-> If it doesn’t have the featured tag, then you can download and check if the manifest has the permissions to run tr3nch, Then you can use rigtools (127) updated UI to execute the code, or any other way to get code execution on extensions.

-> Installing all the extensions your school allows to find exploits in them?

Credits: t3rm1n4l_ Titanium Network