hiimjoey11 Posted July 7, 2015 Share Posted July 7, 2015 I am trying to create a quick script to change the administrator password on all our PCs, but I need to embed the password in the script. Is there a way to do this securely? I dont want the password in plain text, and i dont want someone to be able to decompile the script and be able to get the password.I plan on changing the password with the code below RunWait(@ComSpec & ' /c net user Administrator passwordHere') Thanks! Link to comment Share on other sites More sharing options...
BrewManNH Posted July 7, 2015 Share Posted July 7, 2015 You can't really secure the password in a compiled script. You could use something like the SelfDelete script in the Examples forum to delete the script when it's run. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
hiimjoey11 Posted July 7, 2015 Author Share Posted July 7, 2015 You can't really secure the password in a compiled script. You could use something like the SelfDelete script in the Examples forum to delete the script when it's run.But then someone can decompile the script before it's run, right? Link to comment Share on other sites More sharing options...
Valuater Posted July 7, 2015 Share Posted July 7, 2015 Just as an idea... #include <MsgBoxConstants.au3> Example() Func Example() Local Const $sUserKey = "CryptPassword" ; Declare a password string to decrypt/encrypt the data. Local $sData = "..upon a time there was a language without any standardized cryptographic functions. That language is no more." ; Data that will be encrypted. Local $bEncrypted = _Crypt_EncryptData($sData, $sUserKey, $CALG_RC4) ; Encrypt the data using the generic password string. $bEncrypted = _Crypt_DecryptData($bEncrypted, $sUserKey, $CALG_RC4) ; Decrypt the data using the generic password string. The return value is a binary string. MsgBox($MB_SYSTEMMODAL, "Decrypted data", BinaryToString($bEncrypted)) ; Convert the binary string using BinaryToString to display the initial data we encrypted. EndFunc ;==>Example8) Link to comment Share on other sites More sharing options...
BrewManNH Posted July 7, 2015 Share Posted July 7, 2015 Depends on when you run the script.If these computers are on a domain with group policy set up, you can change the password using group policy and a startup script setting.. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
hiimjoey11 Posted July 7, 2015 Author Share Posted July 7, 2015 Just as an idea... #include <MsgBoxConstants.au3> Example() Func Example() Local Const $sUserKey = "CryptPassword" ; Declare a password string to decrypt/encrypt the data. Local $sData = "..upon a time there was a language without any standardized cryptographic functions. That language is no more." ; Data that will be encrypted. Local $bEncrypted = _Crypt_EncryptData($sData, $sUserKey, $CALG_RC4) ; Encrypt the data using the generic password string. $bEncrypted = _Crypt_DecryptData($bEncrypted, $sUserKey, $CALG_RC4) ; Decrypt the data using the generic password string. The return value is a binary string. MsgBox($MB_SYSTEMMODAL, "Decrypted data", BinaryToString($bEncrypted)) ; Convert the binary string using BinaryToString to display the initial data we encrypted. EndFunc ;==>Example8) so this will encrypt it? Did i do this right? #include <MsgBoxConstants.au3> Example() Func Example() Local Const $sUserKey = "WontTheyKnowThisPasswordThen?" ; Declare a password string to decrypt/encrypt the data. Local $sData = "AdminPassword." ; Data that will be encrypted Local $bEncrypted = _Crypt_EncryptData($sData, $sUserKey, $CALG_RC4) ; Encrypt the data using the generic password string. $bEncrypted = _Crypt_DecryptData($bEncrypted, $sUserKey, $CALG_RC4) ; Decrypt the data using the generic password string. The return value is a binary string. RunWait(@ComSpec & ' /c net user Administrator ' & BinaryToString($bEncrypted)) ; Convert the binary string using BinaryToString to display the initial data we encrypted. EndFunc ;==>Example Link to comment Share on other sites More sharing options...
orbs Posted July 7, 2015 Share Posted July 7, 2015 I am trying to create a quick script to change the administrator password on all our PCs, and how, pray tell, will you be executing this script on target machines?over network? use GPO, startup script, PsExec or similar to run this command directly, no script required.in person? the users launching the script must be elevated - which cripples the entire concept of them being prohibited from knowing the password.as for Valuater's idea - i failed to comprehend how does it provide any sort of protection. Signature - my forum contributions: Spoiler UDF: LFN - support for long file names (over 260 characters) InputImpose - impose valid characters in an input control TimeConvert - convert UTC to/from local time and/or reformat the string representation AMF - accept multiple files from Windows Explorer context menu DateDuration - literal description of the difference between given dates Apps: Touch - set the "modified" timestamp of a file to current time Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes SPDiff - Single-Pane Text Diff Link to comment Share on other sites More sharing options...
Valuater Posted July 7, 2015 Share Posted July 7, 2015 (edited) @Orbs, I have used this very same system in many instances. Typically I have the encryption out side of the script as a separate generator. Then inside the script it is decrypted along with being obfuscated. Sorry you couldn't find any value for the idea, hope that helps. 8) Edited July 7, 2015 by Valuater Link to comment Share on other sites More sharing options...
hiimjoey11 Posted July 8, 2015 Author Share Posted July 8, 2015 @Orbs, I have used this very same system in many instances. Typically I have the encryption out side of the script as a separate generator. Then inside the script it is decrypted along with being obfuscated. Sorry you couldn't find any value for the idea, hope that helps. 8)I would have to encrypt it outside of AutoIt... as soon as i did your method, i could still use a decompiler and pull the password directly from that script. Link to comment Share on other sites More sharing options...
hiimjoey11 Posted July 8, 2015 Author Share Posted July 8, 2015 and how, pray tell, will you be executing this script on target machines?over network? use GPO, startup script, PsExec or similar to run this command directly, no script required.in person? the users launching the script must be elevated - which cripples the entire concept of them being prohibited from knowing the password.as for Valuater's idea - i failed to comprehend how does it provide any sort of protection.Using a program that is installed on all our computers to spread the program and execute it. I will see if this has the ability to run command line operations and just do it that way if there is no autoIt friendly way! Thanks! Link to comment Share on other sites More sharing options...
orbs Posted July 8, 2015 Share Posted July 8, 2015 good call! b.t.w the question is not about "script or no script", it's about how that program is invoked. if it's a service, or invoked by remote admin, you're ok to go, script or no script. if it's running in the user context, then you still have to tackle that issue, script or no script. good luck! Signature - my forum contributions: Spoiler UDF: LFN - support for long file names (over 260 characters) InputImpose - impose valid characters in an input control TimeConvert - convert UTC to/from local time and/or reformat the string representation AMF - accept multiple files from Windows Explorer context menu DateDuration - literal description of the difference between given dates Apps: Touch - set the "modified" timestamp of a file to current time Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes SPDiff - Single-Pane Text Diff Link to comment Share on other sites More sharing options...
hiimjoey11 Posted July 8, 2015 Author Share Posted July 8, 2015 good call! b.t.w the question is not about "script or no script", it's about how that program is invoked. if it's a service, or invoked by remote admin, you're ok to go, script or no script. if it's running in the user context, then you still have to tackle that issue, script or no script. good luck! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now