SN 905: 1 (One)

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

1 Like

Tried following Steve’s instructions to run PowerShell script but ran into issues. Found a YouTube video that clarified things. On my Windows 11, the permission policy was set to restricted by default.

I tried to warn Steve of this, but he didn’t listen to me. Also, I would reset that back, were I you… because you’re safer if scripts can’t run without a change. (If you follow the SANS Institute’s ISC Blog, you’ll see plenty of malware trying to use PowerShell as an infection vector.)

4 Likes

You can configure Powershell to run scripts at a lower level for the session, so you can do this for scripts you know are safe.

This was sort of influenced by the line of reasoning that @PHolder elicited on the other thread, but I’m kind of interested in this idea of parallelizing the brute force operations.

Do you think that the increased interest around large language models like ChatGPT will result in an acceleration of brute force capability?

Steve’s calculations this week essentially rested on the notion that high-gpu count machines are readily available as a side effect of cryptocurrency. Won’t even more ridiculously-parallel machines proliferate as more people get interested in working on these types of models? And won’t new products be created to cater towards these requirements?

And what the heck is a Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)

Does this describe capabilities a cryptocurrency mining facility?

The massive cracking array scenario is when you have hundreds of graphics cards running in parallel to crack the passwords.

RE: Powerscript, I would enable scripts, run Steve’s script, then disable scripts again, if you don’t regularly need to run your own. As @PHolder says, a lot of malware uses PowerShell scripts these days to infect systems. If you don’t need to run scripts, don’t allow them to be run.

I’ve taken to allowing signed scripts on my machine, because I do a lot of administrative tasks and then I sign the scripts myself. It is long winded and not much fun, but safer than allowing all scripts.

1 Like

Powershell has had such a slow and steady evolution it’s hard to remember how far it’s come as a scripting language. Enjoy your deep dive into it Steve!

I just find it annoying. Unless you’re trying to tweak very Windows specific things (the registry or other system settings) I think the same thing or better can be done with Python and end up being cross platform.

I’ve never tried this, but isn’t PowerShell now open source and available on macOS and Linux as well?

Probably, that doesn’t make it a good platform. Python has tools (IDEs, GUIs, PyPy package manager, compiler/packagers, etc) that a limited tool like PowerShell can only dream of. Plus Python is like the number one scripting language according to those who measure such things. https://www.tiobe.com/tiobe-index/

I simply run this command in command prompt and I had no issues executing the powershell script.

Powershell.exe -ExecutionPolicy Unrestricted -File %homepath%\Downloads\Analyze-LastPass-Vault\Analyze-LastPassVault.ps1

The above assumes you kept the zip filename as is and extracted it in your Downloads folder. I run scripts similar to this for work so it isn’t a big deal for me.

I’m glad to say everything is encrypted in CBC cipher mode. But unfortunately, since I had to re-install the LastPass browser plugin just to get this info, I checked my iteration count and it is at the sad sad 5,000.

Later LastPass. Wish I never knew you.

1 Like

Just tried to run the script on Powershell for Mac, just for LOLs :laughing:

Screenshot 2023-01-13 at 22.44.06

1 Like

Is the script still available on Steve’s site (link in the show notes)? When I try, it tells me the files is no longer available. I’m not sure if that is because BitDefender thought it was an unsafe script and blocked it (would that result in the browser saying the file is no longer available)?

I tried turning off the web protection in BitDefender and still got the same error.

grc.sc/905 still works for me.

1 Like

The second link in the show notes is incorrect. The link text is https://www.grc.com/miscfiles/Analyze-LastPass-Vault.zip, but clicking on it brings you to https://www.grc.com/miscfiles/LastPassVault.zip. So, either copy the text or use the short link, as PHolder suggested.

Thank you! That link worked.

Long time Lastpass user (probably close to a decade) and I did not find any ECB logins. Moving swiftly to other password managers!

2 Likes