Leberschnitzel Posted March 24, 2017

Hi everyone,

I made a script that runs a locally installed console with a runas /netonly so it can access an SQL DB in another domain through an ODBC connection. The script asks the user for username and password and then uses that information in the AutoIt RunAs command. Pretty straightforward and it works. All this is meant to be put into an AppV Sequence, and that works too.

The problem is: The password is saved in a variable as string, which means that it could be pulled from the memory in cleartext if someone would want to.

Question: Is there a possibility to save strings securely in the memory with AutoIt, so this can't happen?

Here's the script in question. It also saves the Username in the registry so the user doesn't have to enter it every time.

```autoit
#include <AutoItConstants.au3>

;Define Variables - ONLY THINGS TO EDIT TO RUN-AS!
$ConnectDomain = "<DomainName>"
$ExeToRun = "<ConsoleExe>"

;Get default user:
$TSCredStore = "HKCU\Software\Company\Credentials\"&$ConnectDomain
$DefaultUser = RegRead($TSCredStore, "User")

;Window Asking for user, exit on cancel:
$MKAU = InputBox ( $ConnectDomain&" - User", "Please enter your "&$ConnectDomain&" User without domain.", $DefaultUser," M")
If @Error Then
    Exit
EndIf

;Write User to Default User Credentials Key:
RegWrite($TSCredStore, "User", "REG_SZ", $MKAU)

;Window Asking for password:
$MKAP = ""
$MKAP = InputBox ( $ConnectDomain&" - Password", "Please enter your "&$ConnectDomain&" Password" , "" , "*M")
If @Error Then
    ;Empty Password Variable
    $MKAP = ""
    Exit
EndIf

;Run Console with User
RunAs($MKAU,$ConnectDomain,$MKAP,$RUN_LOGON_NETWORK, @Scriptdir&"\"&$ExeToRun,"",@SW_SHOW , $STDIN_CHILD )

;Empty Password Variable
$MKAP = ""
```

taylansan Posted March 24, 2017

As I read from other topics related to deleting your variable or assigning 0 or ""; please check if those topics may help you:

I have one suggestion: I see that you directly save your password to the variable MKAP. Well, do not assign your password directly to a variable. Try to encrypt it the first time, and send the password back without assigning it to a variable again (at least your user key needs to be stored):

```autoit
#include <Crypt.au3>

;... some of your code from the top

;$MKAP = InputBox ( $ConnectDomain&" - Password", "Please enter your "&$ConnectDomain&" Password" , "" , "*M")
Local Const $sUserKey = "YouNeedAUserKey" ; Declare a password string to decrypt/encrypt the data.

;assign MKAP to the encrypted value, not directly to the original password
;(AutoIt does not expand variables inside string literals by default, so the title and prompt are concatenated)
Local $MKAP = _Crypt_EncryptData(InputBox ($ConnectDomain&" - Password", "Please enter your "&$ConnectDomain&" Password" , "" , "*M"), $sUserKey, $CALG_AES_256)

;Run Console with User
;RunAs($MKAU,$ConnectDomain,$MKAP,$RUN_LOGON_NETWORK, @Scriptdir&"\"&$ExeToRun,"",@SW_SHOW , $STDIN_CHILD )

;send the decrypted password without assigning it to a variable
RunAs($MKAU,$ConnectDomain,BinaryToString(_Crypt_DecryptData($MKAP, $sUserKey, $CALG_AES_256)),$RUN_LOGON_NETWORK, @Scriptdir&"\"&$ExeToRun,"",@SW_SHOW , $STDIN_CHILD )
```

TY.

Leberschnitzel (Author) Posted March 28, 2017

Hi taylansan,

thanks for your ideas! I'll try the encryption with a key generated inside the script.

Kind Regards
Christian

JohnOne Posted March 28, 2017

```autoit
RunAs($MKAU,$ConnectDomain,InputBox ( $ConnectDomain&" - Password", "Please enter your "&$ConnectDomain&" Password" , "" , "*M"),$RUN_LOGON_NETWORK, @Scriptdir&"\"&$ExeToRun,"",@SW_SHOW , $STDIN_CHILD )
```

No variable.
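
Added example, not code from any poster in this thread: it keeps the stored copy of the password in a fixed buffer encrypted in place with the Windows CryptProtectMemory API (key managed by Windows for this process) and zeroes the buffer after use. The `_Sec*` helper names and the placeholder domain, user and executable are assumptions; the InputBox result and the value handed to RunAs still exist briefly as ordinary AutoIt strings, which a script cannot overwrite.

```autoit
#include <AutoItConstants.au3>

Global Const $CRYPTPROTECTMEMORY_SAME_PROCESS = 0 ; only this process can decrypt
Global Const $SEC_CHARS = 256 ; 512 bytes, a multiple of the 16-byte block size the API requires

; Hypothetical helper: copy $sSecret into a wchar buffer and encrypt the buffer in place.
Func _SecStore($sSecret)
    If $sSecret = "" Or StringLen($sSecret) >= $SEC_CHARS Then Return SetError(1, 0, 0)
    Local $tBuf = DllStructCreate("wchar data[" & $SEC_CHARS & "]")
    DllStructSetData($tBuf, "data", $sSecret)
    Local $aRet = DllCall("crypt32.dll", "bool", "CryptProtectMemory", "struct*", $tBuf, _
            "dword", DllStructGetSize($tBuf), "dword", $CRYPTPROTECTMEMORY_SAME_PROCESS)
    If @error Or Not $aRet[0] Then
        _SecWipe($tBuf) ; never leave the plaintext behind if encryption failed
        Return SetError(2, 0, 0)
    EndIf
    Return $tBuf
EndFunc   ;==>_SecStore

; Hypothetical helper: decrypt in place, return the plaintext once, then zero the buffer.
Func _SecTake(ByRef $tBuf)
    Local $aRet = DllCall("crypt32.dll", "bool", "CryptUnprotectMemory", "struct*", $tBuf, _
            "dword", DllStructGetSize($tBuf), "dword", $CRYPTPROTECTMEMORY_SAME_PROCESS)
    If @error Or Not $aRet[0] Then Return SetError(1, 0, "")
    Local $sPlain = DllStructGetData($tBuf, "data")
    _SecWipe($tBuf)
    Return $sPlain
EndFunc   ;==>_SecTake

; Hypothetical helper: overwrite the whole buffer with zeros.
Func _SecWipe(ByRef $tBuf)
    DllCall("kernel32.dll", "none", "RtlZeroMemory", "struct*", $tBuf, "ulong_ptr", DllStructGetSize($tBuf))
EndFunc   ;==>_SecWipe

; Usage with constructed placeholder values standing in for the thread's variables.
Local $sDomain = "EXAMPLEDOMAIN", $sUser = "exampleuser", $sExe = @ScriptDir & "\console.exe"
Local $tPw = _SecStore(InputBox($sDomain & " - Password", "Please enter your " & $sDomain & " Password", "", "*M"))
If @error Then Exit 1 ; cancelled prompt (empty result) or encryption failure

; Code that runs between the prompt and the launch only ever sees the encrypted buffer.
RunAs($sUser, $sDomain, _SecTake($tPw), $RUN_LOGON_NETWORK, $sExe, "", @SW_SHOW, $STDIN_CHILD)
```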