Chocapikk/README.md

Hi there! I'm Valentin Lobstein, a pentester and cybersecurity student at Oteria Cyber School. I'm passionate about ethical hacking, vulnerability research, and software development. I love sharing my knowledge and contributing to the cybersecurity community through my GitHub repositories.

LinkedIn Instagram X Protonmail TryHackMe RootMe OnlyFans

Skills & Languages

Python Lua PHP Ruby C Bash CSS3 Docker Flask Go HTML5 Hugo JavaScript MySQL Nginx Metasploit Burp Suite Windows Linux Mint Kali Linux Manjaro Git GitHub

Repositories

In this GitHub account, you'll find a variety of cybersecurity projects. Feel free to explore and learn!

Tools

Below is a list of tools I've developed, which are designed to assist in various cybersecurity tasks:

  • LFIHunt
    Advanced Tool To Scan And Exploit Local File Inclusion (LFI) Vulnerabilities. - GitHub

  • LeakPy
    Python-based tool to query LeakIX.net's API. - GitHub

Hall Of Fame

Below is a list of Hall of Fame acknowledgments where my contributions to cybersecurity have been recognized:

Ferrari 2023 Siemens 2024 Philips 2024 Wikimedia 2024

CVE Contributions

I have contributed to identifying and documenting several CVEs. Here's a list of CVEs I've worked on:

  • CVE-2023-50917
    Remote Code Execution in MajorDoMo - GitHub

  • CVE-2024-22899 to CVE-2024-22903, CVE-2024-25228
    Exploit chain in Vinchin Backup & Recovery - GitHub

  • CVE-2024-30920 to CVE-2024-30929, CVE-2024-31818
    Research and exploitation in DerbyNet - GitHub

  • CVE-2024-31819
    Unauthenticated RCE in WWBN AVideo via systemRootPath - GitHub

  • CVE-2024-3032
    Themify Builder < 7.5.8 - Open Redirect - WPScan


Additionally, I serve as a moderator and hunter at LeakIX, where I contribute to the discovery and responsible disclosure of vulnerabilities.

Exploit Development & PoC Contributions

In addition to CVE contributions, I've been actively involved in developing exploits and PoCs to demonstrate potential security risks. These efforts provide the cybersecurity community with essential tools for testing and mitigation.

  • WordPress Backup & Migration 1.3.7 RCE (CVE-2023-6553)
    Reproduced and co-authored the Metasploit module - Packet Storm

  • Vinchin Backup And Recovery Command Injection (CVE-2023-45498, CVE-2023-45499)
    Created a Metasploit module - Packet Storm

  • MajorDoMo Command Injection (CVE-2023-50917)
    Developed a Metasploit module - Packet Storm

  • Splunk XSLT Upload RCE (CVE-2023-46214)
    Authored a Metasploit module - Packet Storm

  • WordPress Royal Elementor Addons And Templates Remote Shell Upload (CVE-2023-5360)
    Created a Metasploit module - Packet Storm

  • Extensive VC Addons for WPBakery Page Builder < 1.9.1 Unauthenticated RCE (CVE-2023-0159)
    Reported LFI to RCE escalation - WPScan

  • Bricks Builder Theme 1.9.6 Remote Code Execution (CVE-2024-25600) PoC Reproduction
    Reproduced PoC based on snicco's research and developed a Metasploit module - GitHub
    Also published on Packet Storm - Packet Storm

  • Unauthenticated RCE in WWBN AVideo (CVE-2024-31819)
    Developed a Metasploit module - Packet Storm

  • WordPress Hash Form 1.1.0 Remote Code Execution (CVE-2024-5084)
    Developed a Metasploit module - Packet Storm

  • SPIP 4.2.12 Remote Code Execution (CVE-2024-7954)
    Developed a Metasploit module - Packet Storm

  • SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution
    Developed a Metasploit module - Packet Storm

  • VICIdial Authenticated Remote Code Execution
    Developed a Metasploit module - Packet Storm


Caution

Disclaimer: Please use the information and exploits provided in my repositories for educational purposes and responsible disclosure only. I am not responsible for any misuse or damage caused by using these tools, scripts, or exploits.




Pinned

  1. CVE-2023-29357 (Public)

    Microsoft SharePoint Server Elevation of Privilege Vulnerability

    Python, 230 stars, 31 forks

  2. CVE-2024-25600 (Public)

    Unauthenticated Remote Code Execution – Bricks <= 1.9.6

    Python, 154 stars, 33 forks

  3. CVE-2023-22515 (Public)

    CVE-2023-22515: Confluence Broken Access Control Exploit

    Python, 130 stars, 29 forks

  4. CVE-2024-45519 (Public)

    Zimbra - Remote Command Execution (CVE-2024-45519)

    Python, 116 stars, 18 forks

  5. CVE-2024-3273 (Public)

    D-Link NAS CVE-2024-3273 Exploit Tool

    Python, 93 stars, 21 forks

  6. CVE-2023-6553 (Public)

    Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

    Python, 77 stars, 23 forks