Hack Lanschool

Lanschool is "classroom software" used by various schools to ensure that students are appropriately using school computers. Unfortunately, the vast array of features Lanschool has is very open to abuse. Malicious users can steal usernames and passwords using the keystroke logger, harass students via chat, and even control keyboard and mouse input. These features are reminiscent of remote administration tools found in many botnets such as GhostRAT in Ghostnet or Zbot in Kronos.

These methods enable you to either disable Lanschool, or retain control of the computer for at least three seconds when a teacher has enabled the "Show student" feature on Lanschool, a feature some teachers use to display the screens of other Lanschool clients to all Lanschool-equipped computers.

Steps

Retaining Control with "Show Student" Enabled

  1. Once the teacher has enabled "Show Student" press ctrl-alt-delete to bring up the screen that has the buttons to get to the task manager, lock computer, etc.
  2. While that is open, press esc multiple times while releasing ctrl-alt-delete to ensure you hit it right as the menu is disappearing
  3. press ctrl-alt-delete once again and you will have control of the computer's mouse for 2-3 seconds
Kipkis.com-hack-lanschool.jpg

Disconnecting From the Network

  1. An alternative method of gaining control, and for an indefinite time, is to remove the network cable from the back of the computer. "Show student" ceases to be broadcast to the disconnected computer.
  2. The above method also applies to computers connected wirelessly, especially laptops with an external "Turn off wifi" switch.

Using Software Tools

  1. For Lanschool 6 or below, "LanSchooled", a piece of software which spoofs Lanschool broadcasts, allows you to perform teacher functions such as shutdown people's screens etc.
  2. On Mac OS X, PwnSchool allows you to stop the Lanschool process and render it useless. It is also effective for stopping Apple Remote Desktop and Screen Sharing. Note Pwnschool is a dead project and newer versions of Lanschool are unaffected by Pwnschool.
  3. Another piece of software available for Mac users is Lanschool Blocker (scroll down to Download Packages, and download latest Version.zip)

Using Microsoft Process Hacker

  1. Download and run Microsoft Process Explorer or Process Hacker
  2. Right click "student.exe" and go to "Properties".
  3. Remove all permissions from SYSTEM. If a member of staff is currently monitoring you, go to the bottom of the permissions list. Your name should have a tick on the terminate permission. You can give yourself permission to terminate student.exe.
  4. Click "Apply" to save the changes.

Using Command Prompt

Find some way to get onto Windows Command Prompt.

  1. Then type in the command "Taskkill/f /im" and student.exe. The file will be terminated.
  2. Then use the next command line with Taskkill/f /im and "lskhelper.exe". That file will be terminated as well. Do the same with lskhlpr64.exe

Tips

  • Pressing escape multiple times is recommended on Method 1
  • Method 4 may not work on some deployments of Student.exe
  • Method 4 allows you to run Command Prompt or if Command Prompt is blocked COMMAND.COM to copy Teacher.exe to a flash drive. On unpatched versions of Windows XP SP2 or lower, you can also Become the System User in Windows XP
  • Method 4 may also allows you to acquire "switchtoteacher.exe" which is the program used to switch student.exe off for teachers
  • Download the DEMO version of LanSchool so you can get a feel of what the teachers can do. NOTE: Some features are restricted in the DEMO version.
  • Acquiring a copy of Lanschool installation files is a much more effective solution.
  • If Student.exe is running under the user NT Authority/System, with help from a hijacked teacher console, you can become the local Administrator by terminating explorer.exe, then relaunching it using the teacher console.
  • Method 2 doesn't work on newer versions of Lanschool
  • Do not take to long, someone may become suspicious

Warnings

  • Teachers know if you unplugged your network cable because on the teacher console, your computer is shown as "Not Responding" and on routers with dynamic DHCP, your IP address changes.
  • Most teachers will do foot patrols of the lab, rendering this moot
  • Method 4 also causes your computer to display as "Not Responding"
  • Most school technology policies prohibit this behaviour. You may be suspended or expelled.
  • Some of these methods are depreciated and do not work on newer versions of Lanschool
  • When a teacher uses the "Show Student" function to demonstrate something, you will not be able to see the demonstration unless you watch someone else's screen

Related Articles

Retrieved from "https://kipkis.com/index.php?title=Hack_Lanschool&oldid=264373"