can I save my password in script

[FATIHTALI]

I have big network.

We dont want administrator on our network. Everybody will be standart user.

But some special process need to administrator privillage.

If I run program with this script it will work. But I dont want to lost my password.

How can I save my password in my script.

RunAs("administrator","domain","password",0,"c:\xxxx.exe",@SystemDir)

[Medic84]

RunAs("administrator","domain","password",0,"c:\xxxx.exe",@SystemDir)

Use a varibles

$passv = "password"
RunAs("administrator","domain",$passv,0,"c:\xxxx.exe",@SystemDir)

[FATIHTALI]

with this way.

Can I proteckt my code for hexeditor or decomplier?

can they see my password with hexeditor?

[water]

I used Medic84 code, compiled it and then checked the resulting exe. You can't find the password because the code seems to be encrypted.

So you can't find the password using an hex editor.

But you CAN find the password (the whole code) when you use an decompiler. A post some days ago mentioned it to be still possible.

$passv = "password"
RunAs("administrator","domain",$passv,0,"c:\xxxx.exe",@SystemDir)

[Juvigy]

You shouldnt store plain passwords in your script.At least use some encryption functions.

De compilation is still very EASY and ever obfuscator doesnt help much.

[jvanegmond]

In the end, you are telling your computer the unencrypted password anyway.

[Juvigy]

Well yes but at least it is a little bit more secure then nothing.

It wont be so easy for a 8 year old with google access to see your pass.

Anyway - decompiling is against the EUA.

[jvanegmond]

Well yes but at least it is a little bit more secure then nothing.

It wont be so easy for a 8 year old with google access to see your pass.

Anyway - decompiling is against the EUA.

I don't think a 8 year old with Google access knows what EULA is, and even if he does he's not going to care.

[Medic84]

So, if you write a encrypted password and write a unencripting function, hacker still to find the right password.

P.s. I think you understand what I mean. Once again, sorry for my English

[Yashied]

with this way.

Can I proteckt my code for hexeditor or decomplier?

can they see my password with hexeditor?

http://www.bitsum.com/pecompact.php

[Medic84]

http://www.bitsum.com/pecompact.php

Were I may take a free analog? Edited September 28, 2009 by Medic84

[FATIHTALI]

Thank you everybody.

I will recode my program.

[Yashied]

Were I may take a free analog?

Demo not satisfied?

[haputanlas]

Do a conversion of your password with MD5. Use an MD5 UDF like the following link and this way, your password will not be revealed even if it is decompiled. Apparently there is no way to reverse crack an MD5 hash.

So essentially, your password should be stored in your script as the MD5 computed output of your real password, then you use an MD5 conversion to dynamically take input from the program to authenticate against the stored MD5 password.

If I have more time in the next few hours, I will post an example.

http://www.dailycupoftech.com/?page_id=135

Justin

[haputanlas]

Sorry, use this updated UDF. The previous example is no longer applicable.

http://www.autoitscript.com/forum/index.php?showtopic=81484&st=0&p=584701&hl=md5%20udf&fromsearch=1&#entry584701

[haputanlas]

Using the above UDF, I have created an example CLI app that only accepts the password 'password'. However, note that this password is not stored in the code at all and cannot be decrypted (Unless authenticated against a "known MD5 result" database - very unlikely for your password).

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Change2CUI=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <Hash39.au3>

$passwordMD5 = "5f4dcc3b5aa765d61d8327deb882cf99" ; This is the MD5 version of the password 'password' . This is what a hacker would see

$password = _Hash("md5", $CmdLine[1])

Switch $password
    Case "5f4dcc3b5aa765d61d8327deb882cf99"
        MsgBox(0, "Password correct", "The password you typed is correct")
    Case Else
        MsgBox(0, "Password incorrect", "The password you typed is incorrect")

EndSwitch

Justin

[monoceres]

Apparently there is no way to reverse crack an MD5 hash.

Cute. MD5 is not considered a very secure hashing algorithm. Proves of collisions have been found and bruteforcing them is getting easier by the minute. For example, if you have a new high-end graphics card you can achieve around 1 billion hashes/s without any real problems. Also, since most passwords are just random words people come up with most passwords will be found within minutes using a hybrid dictionary/bruteforce attack.

So essentially, your password should be stored in your script as the MD5 computed output of your real password, then you use an MD5 conversion to dynamically take input from the program to authenticate against the stored MD5 password.

Since Windows doesn't accept an MD5 hash as password what are you going to do with the hash?

Edited September 28, 2009 by monoceres

[haputanlas]

Cute. MD5 is not considered a very secure hashing algorithm. Proves of collisions have been found and bruteforcing them is getting easier by the minute. For example, if you have a new high-end graphics card you can achieve around 1 billion hashws/s without any real problems. Also, since most passwords are just random words people come up with most passwords will be found within minutes using a hybrid dictionary/bruteforce attack.

Since Windows doesn't accept an MD5 hash as password what are you going to do with the hash?

Well, I guess I'm not up to date on MD5 issues, however with the UDF you use many other hashing algorithms : CRC, Adler, MD5, SHA, HAVAL, RIPEMD, Tiger, WHIRLPOO

Also, Windows doesn't have to support MD5 if you are using the provided UDF. Check out my example and replace MD5 with whatever hashing mechanism you want.

This should still provide him with what he is looking for.

Justin

[haputanlas]

Nevermind, I get what you are saying about Windows not accepting the hash password. This example would only work for script authentication and not passing to the Windows system.

Justin

[Notepad]

I don't think a 8 year old with Google access knows what EULA is, and even if he does he's not going to care.

Thats very offensive LOL im 11 Got a problem??? I know what an EULA is and I DO CARE!!! OMG

i can make hacks,trainers and virisis(all kinds) and i'm 11!!!