Author: David (admin)

IT

“Logi Capture cannot install, requires restart”. How to fix?

A lot of people are complaining about being unable to (re)install Logi Capture, the software that comes with modern Logi (formerly known as Logitech) webcams.

The complaints

For example, Sasha says: "Logi Capture Version 2.06.8 will not complete installing on my Windows 10 PC. The .exe file immediately jumps to a "Restart Required" screen, and upon reboot nothing happens.  Have cleared regisistry and removed all other logitech files.", to which the customer support gives an answer that indicates they didn't even read the question.

Michael says: "can't install Logi Capture software for my Brio anymore. I get the restart required splash screen after clicking the exe. Restart doesn't solve the issue. Cleaning up the registry doesn't help either. using Win 10 (1909)"

And Jason says: "I just uninstalled Logitech Capture  2.00.226 from my Windows 10 64bit. Then I went to install it again as an Admin, but I now get a window telling me, Restart Required - "Restart is required to continue with LogitechCapture installation." I have followed this process 3 times, with no installation complete. FYI- I have Skype for Business and ZOOM installed on my machine. Skype and another Softphone client that has video conferencing login upon startup."

I think I figured out how to fix this issue. I first installed version 2.08.11, which has some bugs. After removing that version, I ran into the same message trying to install version 2.06.12. Restarting the computer didn't fix anything.

My analysis

It seems that when uninstalling LogiCapture, the old version leaves uninstall instructions in the registry, the LogiCaptureSetupNeedReboot key in the RunOnce section to be exact. The installer expects Windows to run a command based on that, and then remove the data from the registry. It is normal for uninstallers to do such a thing, but Logi has done it wrong: when you're running a 64-bit computer, it writes to the 64-bit registry. Apparently, Windows doesn't even look at the 64-bit version of the registry for RunOnce entries. Therefore, after uninstalling the software from a 64-bit computer, you can never reinstall Logi Capture anymore.

My fix

Fixing this issue is simple. Just remove the wrong entry from the registry

click start
type "cmd" and then press ctrl+shift+enter to run cmd as administrator
then in the command line screen, type:

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v LogiCaptureSetupNeedReboot /reg:64

(on one line)

After this, I could start Capture_2.06.12.exe or Capture_2.08.11.exe to reinstall Logi Capture.

Please use these tips at your own responsibility.

The real fix

Of course, Logi should fix this in their installer/uninstaller. But given that version 2.08 introduced an annoying message in big red letters to push you away from Logi Capture to another product, I don't think we'll get a real solution soon.

© GeekLabInfo "Logi Capture cannot install, requires restart". How to fix? is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 5.00 out of 5)
Loading...
IT

chattr and lsattr in Python

Apart from changing the rwxr-xr-x like permissions, some Linux filesystems have another way of protecting files. You cam make them IMMUTABLE, after which no program can change them. Not even if you have the right permissions. Python however does not support reading or writing the immutable attribute.

Inspired by yellowcrescent, I just wrote the following code snippet for my own use:

# Code from geeklab.info
import fcntl
from array import array

# FS constants - see /uapi/linux/fs.h in kernel source
# or <elixir.free-electrons.com/linux/latest/source/include/uapi/linux/fs.h>
FS_IOC_GETFLAGS = 0x80086601
FS_IOC_SETFLAGS = 0x40086602
FS_IMMUTABLE_FL = 0x010

def chattri(filename: str, value: bool):
    with open(filename,'r') as f: 
        arg = array('L', [0])
        fcntl.ioctl(f.fileno(), FS_IOC_GETFLAGS, arg, True)
        if value:
            arg[0]=arg[0] | FS_IMMUTABLE_FL
        else:
            arg[0]=arg[0] &~ FS_IMMUTABLE_FL
        fcntl.ioctl(f.fileno(), FS_IOC_SETFLAGS, arg, True)

def lsattri(filename: str) -> bool:
    with open(filename,'r') as f:
        arg = array('L', [0])
        fcntl.ioctl(f.fileno(), FS_IOC_GETFLAGS, arg, True)
    return bool(arg[0] & FS_IMMUTABLE_FL)
    
f="/root/testfile"
print("Yes" if lsattri(f) else "No")
chattri(f,False)
print("Yes" if lsattri(f) else "No")
chattri(f,False)
print("Yes" if lsattri(f) else "No")

Use it as you like, at your own risk. If possible please link my website.

Keep in mind that only users with root-access can change file attributes.

© GeekLabInfo chattr and lsattr in Python is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...
WordPress

wp-time-capsule < 1.17.0 Unrestricted File Upload vulnerability

Yesterday, one of my customers had their WordPress website hacked. An out-of-date plugin had allowed uploading an arbitrary PHP file, and someone had used this to drop a few files on serveral locations on the website. Luckily the IDS picked up on this quickly, and we could remove the infection and fix the hole.

What happened?

If we just restore the website, and do not plug the hole, the website will be hacked again in no time. So how did they gain access?

According to the webserver logs, a POST was performed to /wp-content/plugins/wp-time-capsule/wp-tcapsule-bridge/upload/php/index.php. That index.php file is just including /wp-content/plugins/wp-time-capsule/wp-tcapsule-bridge/upload/php/UploadHandler.php and instantiating the UploadHandler class. After sending the POST request to index.php, a webshell was created on the server, which was then used to drop the other files.

There was a .htaccess file in /wp-content/plugins/wp-time-capsule/wp-tcapsule-bridge that could have prevented this, but not every webserver even supports .htaccess files.

First thing I did was compare UploadHandler.php to the most recent version of the file. Apart from a few empty lines, the difference between UploadHandler.php in 1.16.3 and 1.17.0 is:

@@ -377,10 +379,21 @@

             return false;

         }



-        if (!in_array($file->type, $this->options['accept_file_types'])) {

+

+

+        $allowed_extensions = array('.sql', '.gz', '.crypt');

+        $found = false;

+        foreach ($allowed_extensions as $extension) {

+            if(strrpos($file->name, $extension) + strlen($extension) === strlen($file->name)){

+                $found = true;

+            }

+        }

+

+        if (!$found) {

             $file-&>error = $this->get_error_message('accept_file_types');

             return false;

         }

+

         if ($uploaded_file && is_uploaded_file($uploaded_file)) {

             $file_size = $this->get_file_size($uploaded_file);

         } else {

The version 1.16.3 used content-type (a untrusted field) to check for file type, the new version checks the actual file extension. If you can modify the headers of the HTTP-request to spoof a application/sql type of file, you can basically upload anything you like.

Lets just make a proof of concept here. First create a file test.php with some malicious code. Then upload it using:

curl -H Expect: -F "files=@test.php;type=application/sql" http://www.example.com/wp-content/plugins/wp-time-capsule/wp-tcapsule-bridge/upload/php/index.php

Now your file is available through http://www.example.com/wp-content/plugins/wp-time-capsule/wp-tcapsule-bridge/upload/php/text.php

Version 1.17.0 of the wp-time-capsule plugin patches the vulnerability by implementing a file extension check, but the changelog does not mention this at all. I believe making a coding error could happen, but covering it up is unpermissible. I prefer to stay away from software developers that don't report on their security problems.

Had this vulnerability been reported transparently, then the WP management software this customer uses would probably have flagged this update as necessary.

Why?

Why was wp-time-capsule out of date in the first place? Because the customer installed a plugin to defer and hide updates... They install updates through some central WordPress management platform like InfiniteWP or ManageWP.© GeekLabInfo
wp-time-capsule < 1.17.0 Unrestricted File Upload vulnerability is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

IT

Update KB4011086 sets Outlook 2007 language to Swedish

Last night Microsoft released several updates. One of them sets the language of parts of Outlook 2007 installations to Swedish.

Turns out, this is KB4011086. Uninstalling KB4011086 reverts all of outlook to the correct language.

Scripted fix:
msiexec /package {90120000-001A-040E-0000-0000000FF1CE} /uninstall {BBE4FD45-34D1-4497-8F75-77965C4E044D} /qn /quiet /norestart

Or remotely:
psexec \\computername "msiexec.exe" /package "{90120000-001A-040E-0000-0000000FF1CE} /uninstall {BBE4FD45-34D1-4497-8F75-77965C4E044D} /qn /quiet /norestart"

Update: Turns out more people have experienced this problem:
http://www.helpmij.nl/forum/showthread.php/923889-Outlook-is-ineens-tweetalig
https://gathering.tweakers.net/forum/list_messages/1801205
https://social.technet.microsoft.com/Forums/office/en-US/72037dce-f8bb-475f-8f2d-4af6b3a9ea88/latest-outlook-2007-security-patch-kb4011086-wrong-patch-change-app-language-to-swedish
https://www.reddit.com/r/sysadmin/comments/6zsxs3/outlook_2007_suddenly_in_2_languages_uninstall/© GeekLabInfo
Update KB4011086 sets Outlook 2007 language to Swedish is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

IT

Update KB4011086 sets Outlook 2007 language to Swedish

Last night Microsoft released several updates. One of them sets the language of parts of Dutch Outlook 2007 installations to Swedish.

Turns out, this is KB4011086. Uninstalling KB4011086 reverts all of outlook to the correct language.

Scripted fix:
msiexec /package {90120000-001A-040E-0000-0000000FF1CE} /uninstall {BBE4FD45-34D1-4497-8F75-77965C4E044D} /qn /quiet /norestart

Or remotely:
psexec \\computername "msiexec.exe" /package "{90120000-001A-040E-0000-0000000FF1CE} /uninstall {BBE4FD45-34D1-4497-8F75-77965C4E044D} /qn /quiet /norestart"

Update: Turns out more people have experienced this problem:
http://www.helpmij.nl/forum/showthread.php/923889-Outlook-is-ineens-tweetalig
https://gathering.tweakers.net/forum/list_messages/1801205
https://social.technet.microsoft.com/Forums/office/en-US/72037dce-f8bb-475f-8f2d-4af6b3a9ea88/latest-outlook-2007-security-patch-kb4011086-wrong-patch-change-app-language-to-swedish
https://www.reddit.com/r/sysadmin/comments/6zsxs3/outlook_2007_suddenly_in_2_languages_uninstall/© GeekLabInfo
Update KB4011086 sets Outlook 2007 language to Swedish is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...

IT

Windows 7 and Windows 8 updates slow

The last few months, I've noticed brand new clean Windows 7 installs have a hard time updating for the first time. Doesn't matter if they are updating from the original Microsoft update service of from a WSUS server, the time until the first update sometimes can be hours.

This update is supposed to fix that. I haven't tried it myself yet:
https://support.microsoft.com/en-us/kb/3161608

© GeekLabInfo
Windows 7 and Windows 8 updates slow is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

IT

Fix idealcheckout_unserialize

Sorry, I don't feel like typing a message dedicated to this fix I made. Let's just post the code.

Original code:

function idealcheckout_unserialize($sString)
    {
        // Recalculate multibyte strings
        $sString = preg_replace('!s:(\d+):"(.*?)";!se', "'s:'.strlen('$2').':\"$2\";'", $sString);
        return unserialize($sString);
    }

Error:

PHP Deprecated:  preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ... on line ..

This means idealcheckout_unserialize is not php7 compatible.

My fix:

    // Unserialize data
    function idealcheckout_unserialize($sString)
    {
        // Recalculate multibyte strings
        $sString = preg_replace_callback('!s:(\d+):"(.*?)";!s',
            function($matches){
                return 's:'.strlen($matches[2]).':"'.$matches[2].'";';
            }, $sString);
        return unserialize($sString);
    }

© GeekLabInfo
Fix idealcheckout_unserialize is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...