Whelement
Website GitHub Discord Source Running scripts in Chrome pages with SKIOVOX Breakout and Sh0vel.
Finding Sh0vel
Sh0vel is necessary for the Tr3nch exploit to perform most of its functions.- Navigate to chrome://extensions.
- Check if any installed extensions contain the "Read your browsing history" permission.
Find an extension to check.
Click Details in the extension card.
- Navigate to the Chrome Web Store.
- Find an extension that contains the "Read your browsing history" permission.
- Navigate to the extension's Chrome Web Store details page.
- Click Add to Chrome.
- Navigate to chrome://extensions.
- Open the details page of the extension you installed.
- Copy the 32-character extension ID from the address bar after
?id=. - Navigate to the manifest page of the extension you installed.
- Check if the
unsafe-eval,browser_action, andbrowser_actiontext occurrences are present in the manifest file.Press Ctrl + F.
Enter one of the strings provided in this step.
- If any of the previously listed text occurrences are present in the manifest file, restart these steps and use a different extension. This would indicate that the extension is not fully compatible.
Instructions
Check installed extensions
If necessary extensions are not installed
Get the extension ID
Performing the Exploit
- Enter a kiosk profile with SKIOVOX performed.
- Navigate to the SKIOVOX Breakout GitHub repository.
- Click the Code button.
- Click Download ZIP.
- If a download prompt opens, save the file to the Downloads folder.
- Navigate to chrome://extensions.
- Flip and enable the Developer Mode switch on the extensions page.
- Click Load unpacked. An upload prompt should open.
- When the upload prompt opens, right click the downloaded ZIP file.
- Select Extract all.
- In the extracted folder > skiovox-breakout-main, click Open in the bottom right of the prompt.
- Navigate to chrome-untrusted://crosh.
- Run
vmc create-extra-disk --size=1 /home/chronos/user/MyFiles/Downloads/opener.txt. It should return "A raw disk is created at /home/chronos/user/MyFiles/Downloads/opener.txt." - Open a new tab.
- If the default New Tab page loads, install the SKIOVOX Helper extension in a new tab before proceeding.
- Click the folder icon in the bottom right. The file manager should open.
- In the file manager, navigate to Downloads.
- Open the opener.txt file. A new window should open with a blank page tab. This window is managed by your organization.
- Open a new tab.
- Close the blank page tab.
- Navigate to chrome://extensions.
- Open the details page of the extension you previously chose to install in your managed profile.
- Copy the extension ID as done previously.
- Return to the regular window that is not managed by your organization.
- Click the extensions
icon in the toolbar. - Click and activate the Skiovox Breakout extension.
- In the input field for the extension ID, enter the ID of the extension you previously chose to install in your managed profile.
- Set the textarea text to the script you want to run.
- Click Start injection.
Instructions
Loading the Tr3nch Exploit Menu
You should load Tr3nch into an extension before proceeding.- Navigate to chrome://flags.
- Locate and enable the
extensions-on-chrome-urlsflag. - Click Restart.
- After the restart, navigate to chrome://os-settings, chrome://setttings, chrome://extensions, chrome://chrome-signin, chrome://inspect, chrome://file-manager, chrome://network, or chrome://oobe.
- Click the extensions
icon in the toolbar. - Click and activate the extension with the injected script. The Tr3nch exploit menu should launch.
Credits
| User | Description |
|---|---|
| Zeglol1234 | Main developer |
| Writable | SKIOVOX Breakout implementations |
| Bypassi | Add Gmails exploit |
| NotBoeing747 | Misc development & testing |
| Kxtz | Misc development & testing |
| Archimax | GUI inspiration |
| Kelsea | Logo |
| Katie | Testing |