▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Serious RCE Flaw Revealed in Popular LibreOffice and OpenOffice Programs ?

1) It's since 2019 and simply opening an innocent office document file on your system could allow hackers to hack into your computer.

2) No, I'm not talking about another vulnerability in Microsoft Office, but about two other most popular alternatives - LibreOffice and Apache OpenOffice - free open source office software used by millions of Windows, MacOS and Linux users.

3) Security researcher Alex Infyur discovered a serious remote code execution (RCE) vulnerability in these two open source office suites, which could be caused by simply opening a maliciously crafted ODT (OpenDocument Text) file.

4) The attack relies on exploiting a directory traversal vulnerability, identified as CVE-2018-16858, to automatically launch a specific software-related python library using a hidden onmouseover event.

5)To exploit this vulnerability, Inführ created an ODT file with a white hyperlink (so it cannot be seen) that contains an "onmouseover" event to trick the victim into running a locally available python file on their system when placing the mouse anywhere. to an invisible hyperlink.

6) According to the researcher, a python file named "pydoc.py", which is part of LibreOffice's native Python interpreter, accepts arbitrary commands in one of its parameters and executes them through the command line or system console.

PoC Exploit example video :

https://www.youtube.com/watch?v=zVHsKPwtPo4


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to Install and Configure Psensor Sensor Monitor in Linux ?

Installing Psensor

1) It is recommended that you install the “lm-sensors” package first before installing psensor to enable extended support for reading various sensors built into the hardware. Run the command below to install lm-sensors in Ubuntu:

$ sudo apt install lm-sensors

2) You can search for the term “lm-sensors” in package managers of other Linux distributions.

Once lm-sensors package has been installed, run the command below to enable detection of sensors:

$ sudo sensors-detect

3) Follow the on-screen instructions and enter your answers after carefully reading each question. When you are asked to “automatically add lines”, choose yes. Once you are through the command line wizard, reboot your system and run the command below to view sensor information in a terminal:

$ sensors

4) Now to install psensor in Ubuntu, run the command below:

$ sudo apt install psensor
Packages for other Linux distributions are available here (scroll down).

🦑First Run Setup

Launch “Psensor” from the application launcher to start the app. You will be presented with a window showing various graphs, sensor readings and threshold values. You will also get a system tray icon for quick access to menu options and current readings.

Now there are two things you might want to configure to tweak the behaviour of the Psensor app. First, you may want to disable the graphical window so that it doesn’t appear everytime you run Psensor. To do so, go to preferences and check the “Hide window on startup” checkbox in the “Startup” tab. To manually view the graphical window, you can use the “Show” option in the system tray icon.

Secondly, you may want to automatically launch Psensor in every session. In the same “Startup” tab, you will find another checkbox “Launch on session startup”. Check it to launch Psensor automatically on every boot.


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Social media giant Facebook launched Facebook Pay in August of this year, a payment program for small and medium-sized businesses’ online transactions
#Updates
_

Go up against the breeze! Google aims to amend guidance to reiterate that its charging scheme must be used for in-app transactions.
#international
_

WeChat ate up my phone space before software swallowed the world
#Vulnerabilities
_

The Bank of China will stop moving money from the cell phone edition of Windows Phone tomorrow.
#Updates
_

Microsoft CEO talks about the negotiation of acquiring Tiktok: the taste has changed, I will never participate
#international
_

https://pastebin.com/9nFdHQ8x

Detailed fresh Proxies List

Why Telegram Yesterday Blocked ?
#international
_

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 ANDROID MALWARE:

Generic Android Deobfuscator :

Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it behaves identically but is easier for a human to understand. Each optimization type is simple and generic, so it doesn't matter what the specific type of obfuscation is used.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) Building requires the Java Development Kit 8 (JDK) to be installed.

Because this project contains submodules for Android frameworks, either clone with --recursive:

git clone --recursive https://github.com/CalebFenton/simplify.git
Or update submodules at any time with:

git submodule update --init --recursive

2) Then, to build a single jar which contains all dependencies:

./gradlew fatjar

3) The Simplify jar will be in simplify/build/libs/. You can test it's working by simplifying the provided obfuscated example app. Here's how you'd run it (you may need to change simplify.jar):

java -jar simplify/build/libs/simplify.jar -it 'org/cf/obfuscated' -et 'MainActivity' simplify/obfuscated-app.a

🦑FULL USAGE & EXAMPLE :

https://github.com/CalebFenton/simplify

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Facebook complains about Apple: users should be allowed to choose their favorite SMS application ?
#Updates
_

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑TERMUX HACKING TOOLS LIST & USAGE :

- [Clickjacking-Tester](https://github.com/D4Vinci/Clickjacking-Tester) - A python script designed to check if the website if vulnerable of clickjacking and create a poc.[](https://github.com/D4Vinci/Clickjacking-Tester/stargazers/)

- [Dr0p1t-Framework](https://github.com/D4Vinci/Dr0p1t-Framework) - A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks.[](https://github.com/D4Vinci/Dr0p1t-Framework/stargazers/)

- [elpscrk](https://github.com/D4Vinci/elpscrk) - A Common User Passwords generator script that looks like the tool Eliot used it in Mr.Robot Series Episode 01 :D :v.[](https://github.com/D4Vinci/elpscrk/stargazers/)

- [SecLists](https://github.com/danielmiessler/SecLists) - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more..[](https://github.com/danielmiessler/SecLists/stargazers/)

- [dnsrecon](https://github.com/darkoperator/dnsrecon) - DNS Enumeration Script.[](https://github.com/darkoperator/dnsrecon/stargazers/)

- [HiddenEye](https://github.com/DarkSecDevelopers/HiddenEye) - Modern Phishing Tool With Advanced Functionality And Multiple Tunnelling Services [ Android-Support-Available ].[](https://github.com/DarkSecDevelopers/HiddenEye/stargazers/)

- [Intersect-2.5](https://github.com/deadbits/Intersect-2.5) - Post-Exploitation Framework.[](https://github.com/deadbits/Intersect-2.5/stargazers/)

- [wifite](https://github.com/derv82/wifite) - No description provided[![->](


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

New category called Bugs added to UndercodeNews.com

MORE NEWS T.me/UndercodeNews

The Fully Remote Attack Surface of the iPhone


While there have been several rumours and reports of fully remote vulnerabilities affecting the iPhone being used by attackers in the last couple of years, limited information is available about the technical details of these vulnerabilities, as well as the underlying attack surface they occur in. I investigated the remote, interaction-less attack surface of the iPhone, and found several serious vulnerabilities.
Vulnerabilities are considered ‘remote’ when the attacker does not require any physical or network proximity to the target to be able to use the vulnerability. Remote vulnerabilities are described as ‘fully remote’, ‘interaction-less’ or ‘zero click’ when they do not require any physical interaction from the target to be exploited, and work in real time. I focused on the attack surfaces of the iPhone that can be reached remotely, do not require any user interaction and immediately process input.
There are several