So now it was time to remove the whole roof. I had NFI how to repair a regular roof let alone an RV roof. Luckily my Uncle was a little more handy than me. We started by pulling off the side rails then just straight ripping off the Luan/insulation completely from the bathroom wall to the front overcab bed. This paint scraper was a life safer in removing the old aluminum roof, wood, glue, and nails. Roughly about a 8’x13′ area was ripped out, we had to also remove the angle brackets holding the cabinets to the ceiling, the old TV antenna, and also remove the fridge vent and bathroom fan.
We had to go with thinner insulation to accommodate the thicker wood but had to make sure we didn’t go over the height of the original sidewalls so we could get the siderails back on afterword, which we actually trashed the broken side because it was damaged from the tree. Not realizing that the rails were not really a standard sizing. Also would have cost a lot in shipping if Winnebago actually had replacements. I ended up finding a smaller curved piece at a local RV dealership and used a hot air gun to kind of bend it back straight. I also fiberglassed the side damage and a hole in the front area near the running lights that the tree limbs caused. After getting all the new plywood down and cutting holes for the fans, vents, and pipes we spread all the glue down then used a roller to roll out the PVC replacement roof from classacustoms.com.
Then it was time to work on the ceiling. I ended up choosing some cedar wood from Home Depot because it smells good, naturally resists mildew, odors and repels some bugs. I also put in some aluminum channels and multi-color LED lighting to keep the power usage down since I was planning to install solar at some point. Originally I was going to put in recessed lights but it would have bee a pain in the ass to do all the wiring and holes, and for some reason when I was testing the recessed lights with the generator they were blinking off and on. So stuck with the LED lights and multicolor so I can change colors to whatever mood. (Update: I recently replaced the LEDS strips with different ones because they ended up having color match issues on each side, so now its one complete strip going around.)
I got this 1994 Winnebago ‘Minnie Winnie’ 421RB (Ford E350 cutaway van bodystyle) from a car auction for $1200 in August 2021. I was looking around for RVs/Vans that I could convert into a remote work-from-home office. My dad decided to jump the gun and bid on it without telling me, it was a WTF moment when I first saw the pics on the auction site, but eventually decided I was up for the challenge. It had some good things like a built in generator, 90k miles. I ended up finding the original owner and found that he had bought it for 13k in 2008 and in Summer 2021 a thunderstorm knocked a tree down in his yard and it fell onto the RV (insurance company gave him 20k). As you can see from the pics it fell through the roof , crushing the AC unit. It also poked a hole near the front antenna mount, and part of the tree limb knocked out the plumbing, you can see the small hole by the left rear wheel well ( oddly perfect hit to knock out the plumbing/drainage pipe).
The biggest problem is that it sat for about a month in the previous owners driveway until the insurance company could come out and look at it due to COVID etc, then it say another month in the auction lot until it was auctioned. There was significant water damage in the ceiling and floor due to other rainstorms also dumping water in there for those 2 months.
So the game plan was somehow fix the holes in the roof originally. But come to find out first that the roof consisted of a layer of thin aluminum, which i could not figure out where to source anywhere. Coupled with the fact the more i looked into it that the water damage was too much because Winnebago uses very thin Luan plywood panels glued to foam insulation and all that wood was pretty much rotted because Luan is relatively inexpensive and easy to work with, but it is not very durable or resistant to moisture.
I started doing a lot of research on RV restoration/remodeling and came across an awesome resource on YouTube from AZExpert. His video were tremendously helpful in seeing what the insides of RV roofs looked like and how to fix/replace them. So after calling numerous places for 8×13 aluminum rolls with no luck, I decided I would go with an alternative. After searching around I found a really good price on a PVC kit from classacustoms.com for $189. Stay tuned for ripping apart the roof in Part 2…
Continuing the Intro boxes with my local infosec group the second box on the list is Oopsie. It’s listed as an Easy box, but for some people starting out that aren’t familiar with webapps they could get lost, especially figuring out the initial login foothold. It’s IP is 10.10.10.28 and you need the login pack for OpenVPN to reach it, you cant reach it with your normal one.
So I’m going to probably post my HackTheBox solutions here so I have somewhere I can look at them in case I’m not home etc.. I sometimes refer back to my notes when I am with clients so I don’t have to reinvent the wheel to solve the same problem, so it would be nice to have them accessible anywhere.
I am going to start off with Archetype, which is an intro box for beginners that I did with my local tech group to help walk them through learning the concepts behind penetration testing.
Working on a personal project collecting breach DBs, I had come across the Zynga dump. On September 12th, 2019, Zynga publicly acknowledged the data breach had happened. The company developed games including Farmville, Zynga Poker, Words With Friends, Mafia Wars, Café World, and Empires & Allies etc… The breach contains 206,267,210 records including duplicates and 150,363,954 records without duplicates. The following information was leaked:
I used to see alot of networks setup and either the tech or the end user choosing the person/business’s phone number as the password. So I usually try to test these first when trying to crack a WiFi password.
I was looking into more efficient ways to crack the password if you were working in a virtual machine and didn’t have access to a GPU cracking rig to utilize hashcat.
Kon-Boot is an awesome tool that I’ve used extensively with tech jobs that I’ve had in the past (it’s been around since 2009), for clients that couldn’t remember their password :/ or a employee that was fired etc… Most recently Red-Team pentest engagements when I’ve had physical access to a box and needed quick and stealth access. It allows accessing a target computer (Windows/Mac OSX) without knowing the user’s password.
Kon-Boot does not need to remove or modify the user’s password and all changes are reverted back to previous state after system restart unlike other tools that just remove/modify the password and is currently the only solution that I know of that can bypass Windows 10 online passwords.
Recently I had done some training where we setup ESXI 6.7 on a Intel NUC. It’s been over a month since I’ve touched it. Apparently during the training my coworker had set a root password for the install, which was supposedly written down, but was either typed wrong in the notes or fat-fingered while setting it. Unfortunately, you can no longer boot into single user mode or Service Console to reset the password and VMware suggest you reinstall ESXI to reset the password. I didn’t want to risk trying that method because I wasnt sure if it would affect the currently installed VMs and I didn’t have a copy of ESXI with me to do so. Instead I used a bootable Kali USB to mount the ESXI drive and reset the root password to a blank password by editing the shadow file.
On Twitter about a month ago @jermainlaforce had an awesome idea of hiding a USB HID device inside a lighter case, using one of those cheap Chinese spycams you can find on ::ebay:: for $5. HID attack tools are nothing new, here’s a video of one I made in 2011 using a Teensy board (edit: youtube account died)