Lanschool v7.2

[Lyzon]

True shonen. Question is how many people will trust MY keylogger? irony is a bitch lol

Update on Keylogger tho, i managed to get it to log any key but it does not recognise changes in caps. I need to check the status of the shift keys and caps lock key.

[shonen]

lol Well that is another issue all in its own, I guess the overly paranoid will pick your tool apart.

I no longer need the keylogger option seeing as after the previous mentioned bullshit I came across on the schools network I cracked a shit fit and just purchased a new laptop that I can use. A few fellow class mates are considering doing the same But yeah for everyone else keylogging your work could come in handy.

[Lyzon]

Lol, and i almost thought i wasted my time ;)

ps. for the wise guys out there who see that not all the characters add up, its cos my computer has alot of programs open and the keylogger does not have a high priority level.

[still learning]

Wow.. this thread is huge, I've got the same thing at my uni's pc's.

Could i just put process explorer on a USB stick and shut down the lanschool process to prevent the teacher from takeing over my screen in those boring classes that I allready know the knowledge too? I will re-read everything in the thread again later

[Lyzon]

You cant shut the student process because if you do, it just restarts itself. Thats why you have to crash it first. Just download my latest Lanschool manager (previous page i think) and when you run it, you can crash it then close it.

[still learning]

You cant shut the student process because if you do, it just restarts itself. Thats why you have to crash it first. Just download my latest Lanschool manager (previous page i think) and when you run it, you can crash it then close it.

How does your program crash it, buffer overload or something? do you offer a open source code for it? Im going for programming and would be interested in looking at it, if its available..

How does it keep reviving the process after its killed, by the schools server? (Im guessing student/teacher = client/server) with your program can I use the teacher process like the teacher does and view all the other pcs or view or use the teacher/admin options? program looks very nice from the picture, congradulations on some nice work. Thanks! :-)

[Lyzon]

I duno if its a buffer overflow but i know that the student cant handle the WM_QUIT message properly so it crashes. How it keeps coming back... i dont know lol. Once you crash student, you can run teacher (if you have it) and view all people in your current class and have a teachers control over them. Me and a friend made a "trainer" so you can view all channels on the network but i wont release.

As for the code, piece together all my posts, and you can recreate the programs function :)

[freeb]

ps. for the wise guys out there who see that not all the characters add up, its cos my computer has alot of programs open and the keylogger does not have a high priority level.

Are you using the GetAsyncKeyState api or hooks?

[Lyzon]

Im using the GetAsyncKeyState and GetLastInputInfo functions. I tried using hooks but they are too complicated for me for now. I only started c++ a few weeks ago :D

[Xiy]

I have created a similar application and have been using it at college for the past 6 months, working great too..But the teacher is starting to click on about the screen's always blank when he's watching via lan school. I was wondering if anybody knows how to make it so The teacher maybe just see's a printscreen of our desktop? Instead of just killing the application. I mean that would be cool.

[manuel]

YEah.... its called don't kill the app anbd do the work you are supposed to be doing, instead of trying to get away with anything you can. It is afterall an educational institution, not a game room.

[Leapo]

Stop screwing with the school computers; if you really don't want to be monitored, bring a laptop from home and use that instead.

[Lyzon]

The only reason i close it is that i dont feel comfortable with them logging my keystrokes. The latest version of Lanschool (7.2) logs the keystrokes in real time so... how lucky do you feel o0

[Hewitt22]

.

[h2oh4x!]

Any developments on this subject yet? :D

[Oliver Boryszewski]

I have now finished the final version of the lanschool crasher which i have renamed LanSchool Manager.

It allows you to manage both the student.exe and teacher.exe process in an easy to use gui.

Screens:

Download Link:

http://www.mediafire.com/?bgpmhzwr24t

File Info:

Size: 919kb

Dependancies: None (older versions of gui required .net 3.5 framework)

Enjoy, and use wisely :P

This application looks spiffy, but the link seems to be out of date. I know this is an old thread, but could somebody possible re-post this?

[555]

They use the same thing at my school, I read a post about it a while back and have a program called LanSchoolCrasher.exe (or something like that) I actully got it from this site, which is suppose to block the teacher from reading/writing anything from your pc. like that but never ran it because it maybe a virus or something file looks suspect, i may check it out later in my computer lab. Who knows though it may really be legit.

edit::: wanting to know how this stuff works is the true hacker mentality, dont just say your not suppose to know about that, stop trying to figure it out.

[bme2008]

the link doesnt work for me either olliver.

[manuel]

way to bring back a dead thread... and FYI, the developers are aware of this conversation and have been following it closely.

So, all of those things discussed here, have been addressed in more recent builds and have been patched.

[same25]

i dont know if they updated so i might still have a chance

[shonen]

Due to a fair few PM's I figured I may share for educational purpose's. But seriously do any of you even watch hak5 if you did you would easily have your work around solution and wouldn't need to ask such questions.

TBH I am yet to look at their recent build and have a fiddle at a work around solution for it. With that said I am assuming much is the same with the previous one and if you simply wish to remove it, its just a matter of having the right privileges on the local machine and the installer to remove it. CBF testing it with the latest build due to assignments and work commitments (the irony seeing as I am currently employeed in the IT department of a school).

Step 1: Download Kon-Boot and burn it to a CD with roxio, nero, free iso burner etc or create a bootable usb key. Don't worry about the quick download its only a couple of KB's in size.

Step 2:Log into your workstation as per normal (into the domain) go to start run and type cmd. At the command prompt type net user and hit enter. You should see all the accounts that are on that local machine. In most case's the help desk department would image each machine with the same settings and the Adminstrator account is usually changed to another name such as Poweruser, superuser etc. Just take a note off all the accounts on a piece of paper

Step 3: Restart your computer and boot the kon boot CD. Most schools wont stop you from booting off the cd but if they do and you need a password using the default loggin for your student ID (or workstation loggin prior to you having to change it when you first started school) works a treat seeing as they usually conform to a common password structure. Follow the prompts through kon-boot until you reach the login screen.

Note: If you are unable to get the password to boot off the CD or change the bios just wait for your teacher to take a well deserved coffee break, unplug power, pop open case and remove the watch battery on the mother board for a few seconds to reset it.

Step 4: select login into this computer (locally not into the domain) and enter one of the user names that you suspect is for the admin account and just hit enter, kon-boot will by bass the password for you.

step 5: Once in Use the lan school installer (you may wanna download that to a usb mem stick before hand) to remove the installed lanschool software from your workstation permanently. If for some reason the new version requires a password or something to remove it. Just fire up regedit and mess with/remove the registry entry for lanschool which will bork it up.

Note: seeing as you already have admin on the box you may as well create a new admin account for yourself and set it up to your pleasing with your fav browser firefox, fox proxy to bypass the content/url filtering etc. Now when ever you wanna log in you just log into the local machine and not the domain. To get web browsing n stuff you will just have to load a web browser and you will be prompted for your login credetials for the domain/your active directory account. Just login how you usually do with your student ID/user name and password and the proxy settings and such will load into your browser so you can surf as normal. Only diff now is you are on a box without lan school and are free to install/unistall as you wish. This is how I do things at my school and I have about 4 machines for the different classes I attend customized to my liking.... not that I use it much these days seeing as I BYO laptop. XD

In any case as was mentioned on here before use your time to study and not spend it on social networking sites n such. I can assure you that most school networks are pretty insecure and MITM attacks on them are pretty much a peace of piss to pull off seeing as students are usually clumped together on one VLAN.

[x-quisite]

sorry to bring this topic back. just don't get it. let see below:

Lol thx. Yea my college uses lan school. Version 7.1.0.3 to be exact but this has been tested on 7.0.0.7, 7.1.0.3, 7.2.1.0 and 7.2.1.1 and works on all. It exploits a message handling bug in Student.exe which crashes when it gets the message. The process is still there but its non responsive. Youll see this when you run LanSchool Manager. Click "Crash" and the text changes from Running to Not Responding. If the process is not protected you can close it after by clicking close.

In my college Student.exe is a protected process which is why only the crash button will work there but under normal circumstances it would close it aswell.

The program monitors any process named Student.exe and Teacher.exe, while not limited to lanschool (i think netops uses the same process names?) it was designed to be used for lanschool.

i think someone has ask to reupload back the dead link for 'lanschool manager' by lyzon. it looks fine. but i just don't get it why there's no one reupload it. my college use only version 7.0.0.7. So i also really wanna try this application

way to bring back a dead thread... and FYI, the developers are aware of this conversation and have been following it closely.

So, all of those things discussed here, have been addressed in more recent builds and have been patched.

sorry, i can't find where this topic has been addressed. Can come out with a link?

Due to a fair few PM's I figured I may share for educational purpose's. But seriously do any of you even watch hak5 if you did you would easily have your work around solution and wouldn't need to ask such questions.

TBH I am yet to look at their recent build and have a fiddle at a work around solution for it. With that said I am assuming much is the same with the previous one and if you simply wish to remove it, its just a matter of having the right privileges on the local machine and the installer to remove it. CBF testing it with the latest build due to assignments and work commitments (the irony seeing as I am currently employeed in the IT department of a school).

Step 1: Download Kon-Boot and burn it to a CD with roxio, nero, free iso burner etc or create a bootable usb key. Don't worry about the quick download its only a couple of KB's in size.

Step 2:Log into your workstation as per normal (into the domain) go to start run and type cmd. At the command prompt type net user and hit enter. You should see all the accounts that are on that local machine. In most case's the help desk department would image each machine with the same settings and the Adminstrator account is usually changed to another name such as Poweruser, superuser etc. Just take a note off all the accounts on a piece of paper

Step 3: Restart your computer and boot the kon boot CD. Most schools wont stop you from booting off the cd but if they do and you need a password using the default loggin for your student ID (or workstation loggin prior to you having to change it when you first started school) works a treat seeing as they usually conform to a common password structure. Follow the prompts through kon-boot until you reach the login screen.

Note: If you are unable to get the password to boot off the CD or change the bios just wait for your teacher to take a well deserved coffee break, unplug power, pop open case and remove the watch battery on the mother board for a few seconds to reset it.

Step 4: select login into this computer (locally not into the domain) and enter one of the user names that you suspect is for the admin account and just hit enter, kon-boot will by bass the password for you.

step 5: Once in Use the lan school installer (you may wanna download that to a usb mem stick before hand) to remove the installed lanschool software from your workstation permanently. If for some reason the new version requires a password or something to remove it. Just fire up regedit and mess with/remove the registry entry for lanschool which will bork it up.

Note: seeing as you already have admin on the box you may as well create a new admin account for yourself and set it up to your pleasing with your fav browser firefox, fox proxy to bypass the content/url filtering etc. Now when ever you wanna log in you just log into the local machine and not the domain. To get web browsing n stuff you will just have to load a web browser and you will be prompted for your login credetials for the domain/your active directory account. Just login how you usually do with your student ID/user name and password and the proxy settings and such will load into your browser so you can surf as normal. Only diff now is you are on a box without lan school and are free to install/unistall as you wish. This is how I do things at my school and I have about 4 machines for the different classes I attend customized to my liking.... not that I use it much these days seeing as I BYO laptop. XD

In any case as was mentioned on here before use your time to study and not spend it on social networking sites n such. I can assure you that most school networks are pretty insecure and MITM attacks on them are pretty much a peace of piss to pull off seeing as students are usually clumped together on one VLAN.

i belive your way is one of a good way. but with so many procedure, reboot and stuff like that, it just will attract people around us to see what we try to do. maybe not too flexible is the correct word

well, if it possible, i just want to suggest that i think the best way is not by to uninstalled or crashing it, maybe just an application to fake it. the screen,application run and stuff like that. coz i believe the best way is the most 'silent' way.

[x-quisite]

sorry to bring this topic back. just don't get it. let see below:

Lol thx. Yea my college uses lan school. Version 7.1.0.3 to be exact but this has been tested on 7.0.0.7, 7.1.0.3, 7.2.1.0 and 7.2.1.1 and works on all. It exploits a message handling bug in Student.exe which crashes when it gets the message. The process is still there but its non responsive. Youll see this when you run LanSchool Manager. Click "Crash" and the text changes from Running to Not Responding. If the process is not protected you can close it after by clicking close.

In my college Student.exe is a protected process which is why only the crash button will work there but under normal circumstances it would close it aswell.

The program monitors any process named Student.exe and Teacher.exe, while not limited to lanschool (i think netops uses the same process names?) it was designed to be used for lanschool.

i think someone has ask to reupload back the dead link for 'lanschool manager' by lyzon. it looks fine. but i just don't get it why there's no one reupload it. my college use only version 7.0.0.7. So i also really wanna try this application

way to bring back a dead thread... and FYI, the developers are aware of this conversation and have been following it closely.

So, all of those things discussed here, have been addressed in more recent builds and have been patched.

sorry, i can't find where this topic has been addressed. Can come out with a link?

Due to a fair few PM's I figured I may share for educational purpose's. But seriously do any of you even watch hak5 if you did you would easily have your work around solution and wouldn't need to ask such questions.

TBH I am yet to look at their recent build and have a fiddle at a work around solution for it. With that said I am assuming much is the same with the previous one and if you simply wish to remove it, its just a matter of having the right privileges on the local machine and the installer to remove it. CBF testing it with the latest build due to assignments and work commitments (the irony seeing as I am currently employeed in the IT department of a school).

Step 1: Download Kon-Boot and burn it to a CD with roxio, nero, free iso burner etc or create a bootable usb key. Don't worry about the quick download its only a couple of KB's in size.

Step 2:Log into your workstation as per normal (into the domain) go to start run and type cmd. At the command prompt type net user and hit enter. You should see all the accounts that are on that local machine. In most case's the help desk department would image each machine with the same settings and the Adminstrator account is usually changed to another name such as Poweruser, superuser etc. Just take a note off all the accounts on a piece of paper

Step 3: Restart your computer and boot the kon boot CD. Most schools wont stop you from booting off the cd but if they do and you need a password using the default loggin for your student ID (or workstation loggin prior to you having to change it when you first started school) works a treat seeing as they usually conform to a common password structure. Follow the prompts through kon-boot until you reach the login screen.

Note: If you are unable to get the password to boot off the CD or change the bios just wait for your teacher to take a well deserved coffee break, unplug power, pop open case and remove the watch battery on the mother board for a few seconds to reset it.

Step 4: select login into this computer (locally not into the domain) and enter one of the user names that you suspect is for the admin account and just hit enter, kon-boot will by bass the password for you.

step 5: Once in Use the lan school installer (you may wanna download that to a usb mem stick before hand) to remove the installed lanschool software from your workstation permanently. If for some reason the new version requires a password or something to remove it. Just fire up regedit and mess with/remove the registry entry for lanschool which will bork it up.

Note: seeing as you already have admin on the box you may as well create a new admin account for yourself and set it up to your pleasing with your fav browser firefox, fox proxy to bypass the content/url filtering etc. Now when ever you wanna log in you just log into the local machine and not the domain. To get web browsing n stuff you will just have to load a web browser and you will be prompted for your login credetials for the domain/your active directory account. Just login how you usually do with your student ID/user name and password and the proxy settings and such will load into your browser so you can surf as normal. Only diff now is you are on a box without lan school and are free to install/unistall as you wish. This is how I do things at my school and I have about 4 machines for the different classes I attend customized to my liking.... not that I use it much these days seeing as I BYO laptop. XD

In any case as was mentioned on here before use your time to study and not spend it on social networking sites n such. I can assure you that most school networks are pretty insecure and MITM attacks on them are pretty much a peace of piss to pull off seeing as students are usually clumped together on one VLAN.

i belive your way is one of a good way. but with so many procedure, reboot and stuff like that, it just will attract people around us to see what we try to do. maybe not too flexible is the correct word

well, if it possible, i just want to suggest that i think the best way is not by to uninstalled or crashing it, maybe just an application to fake it. the screen,application run and stuff like that. coz i believe the best way is the most 'silent' way.

[h2oh4x!]

Hey x-quisite ive made a LanSchool disabler based on Lyzons LanSchool Manager it disables the software easily just click kill.

P.S To my knowledge this will not work on version 7.4 or above however i have tried it up to version 7.2 and it works fine. Also this was programmed in Visual Studio 2008 so it requires .net framework. Have fun ;)

http://www.mediafire.com/?vztmmqyzj1z

[kickarse]

Careful with your payload. These types of software usually send information regarding software that's been started and if you name your executable "pwnsk00l.exe" it'll be send and flagged. Something like notepad.exe would most likely be better.

Just sayin'. I haven't had any experience with LanSchool and I don't know what data it sends. But these types of software usually do this.