LisHawj Posted September 4, 2018

I created the following credential prompt, in which my technicians must supply a username and password to kick off the BitLocker encryption process. I would like to secure and ensure their username and password are not getting passed as plain text or easily compromised when passing the username and password to the RUNAS command. I have looked at the built-in hash encryption and Crypt.au3 examples and am unable to determine how to use them for a credential prompt box. Please give me some advice or pointers on securing the username/password when utilized as follows. Thank you,

    #include <AutoItConstants.au3> ; $STDERR_CHILD, $STDOUT_CHILD
    #include <EditConstants.au3> ; $GUI_SS_DEFAULT_INPUT, $ES_PASSWORD
    #include <GUIConstantsEx.au3> ; $GUI_EVENT_CLOSE

    Global $sBDE_On = " -on C: -RecoveryPassword" ; manage-bde arguments, as defined in the later post of this thread

    $hOSP_DJ = GUICreate("Windows 10 OS Provisioning Utility", 494, 253, -1, -1)
    $sOSPName = GUICtrlCreateInput("", 205, 156, 153, 21)
    $sOSPPass = GUICtrlCreateInput("", 205, 188, 153, 21, BitOR($GUI_SS_DEFAULT_INPUT, $ES_PASSWORD))
    $hOSP_ButtonOK = GUICtrlCreateButton("Ok", 283, 220, 75, 25)
    $Label1 = GUICtrlCreateLabel("Username", 140, 158, 60, 17)
    GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif")
    $Label2 = GUICtrlCreateLabel("Password", 142, 190, 58, 17)
    GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif")
    $OSDJ_Label1 = GUICtrlCreateLabel("BitLocker encryption phase 1.", 14, 16, 157, 17)
    $OSDJ_Label2 = GUICtrlCreateLabel("Input your user account number and password into the boxes below.", 14, 36, 356, 17)
    $OSDJ_Label4 = GUICtrlCreateLabel("IMPORTANT NOTE - The password is not your VPN password.", 14, 120, 468, 17)
    GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif")
    $OSDJ_Label3 = GUICtrlCreateLabel("Please contact your manager if you do not know your user account information.", 14, 56, 388, 17)
    GUISetState(@SW_SHOW)

    While 1
        $nMsg = GUIGetMsg()
        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                Exit
            Case $hOSP_ButtonOK
                $sOSP_ID = GUICtrlRead($sOSPName) ; username as typed
                $sOSP_IDPW = GUICtrlRead($sOSPPass) ; password as typed
                $iPID = RunAs($sOSP_ID, "Learning123", $sOSP_IDPW, 2, @ComSpec & " /c " & "C:\Windows\System32\manage-bde.exe" & $sBDE_On, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
        EndSwitch
    WEnd

FrancescoDiMuro Posted September 5, 2018

@LisHawj So, you don't want to make Username and Password visible or "not crypted" when they are typed? Or do you want to crypt them, and pass them to the function RunAs() as two crypted texts?

AutoBert Posted September 5, 2018

Is Learning123 an app you wrote? Then it's possible: your loginbox crypts the login information and Learning123 must decrypt it.

caramen Posted September 5, 2018 (edited)

Well, I can see French words in your first post... If you are French... I have a fairly simple example that you will be able to use and understand. Get in touch with me by PM if you have questions. If you are French... blablabla. If you are not French, I got an easy example of encrypting and decrypting a username and password. Look:

ENCRYPTION EXAMPLE:

    #include <Crypt.au3>
    #include <ComboConstants.au3>
    #include <GUIConstantsEx.au3>

    Local $bAlgorithm = $CALG_RC4
    Local $sFilePath = ""

    GUICreate("File Encrypter", 425, 100)
    Local $iSourceInput = GUICtrlCreateInput("", 5, 5, 200, 20)
    Local $iSourceBrowse = GUICtrlCreateButton("...", 210, 5, 35, 20)
    Local $iDestinationInput = GUICtrlCreateInput("", 5, 30, 200, 20)
    Local $iDestinationBrowse = GUICtrlCreateButton("...", 210, 30, 35, 20)
    GUICtrlCreateLabel("Password:", 5, 60, 200, 20)
    Local $iPasswordInput = GUICtrlCreateInput("", 5, 75, 200, 20)
    Local $iCombo = GUICtrlCreateCombo("", 210, 75, 100, 20, $CBS_DROPDOWNLIST)
    GUICtrlSetData(-1, "3DES|AES (128bit)|AES (192bit)|AES (256bit)|DES|RC2|RC4", "RC4")
    Local $iEncrypt = GUICtrlCreateButton("Encrypt", 355, 70, 65, 25)
    GUISetState(@SW_SHOW)

    While 1
        Switch GUIGetMsg()
            Case $GUI_EVENT_CLOSE
                Exit
            Case $iSourceBrowse
                $sFilePath = FileOpenDialog("Select a file to encrypt.", "", "All files (*.*)") ; Select a file to encrypt.
                If @error Then
                    ContinueLoop
                EndIf
                GUICtrlSetData($iSourceInput, $sFilePath) ; Set the inputbox with the filepath.
            Case $iDestinationBrowse
                $sFilePath = FileSaveDialog("Save the file as ...", "", "All files (*.*)") ; Select a file to save the encrypted data to.
                If @error Then
                    ContinueLoop
                EndIf
                GUICtrlSetData($iDestinationInput, $sFilePath) ; Set the inputbox with the filepath.
            Case $iCombo ; Check when the combobox is selected and retrieve the correct algorithm.
                Switch GUICtrlRead($iCombo) ; Read the combobox selection.
                    Case "3DES"
                        $bAlgorithm = $CALG_3DES
                    Case "AES (128bit)"
                        If @OSVersion = "WIN_2000" Then
                            MsgBox(16, "Error", "Sorry, this algorithm is not available on Windows 2000.") ; Show an error if the system is Windows 2000.
                            ContinueLoop
                        EndIf
                        $bAlgorithm = $CALG_AES_128
                    Case "AES (192bit)"
                        If @OSVersion = "WIN_2000" Then
                            MsgBox(16, "Error", "Sorry, this algorithm is not available on Windows 2000.")
                            ContinueLoop
                        EndIf
                        $bAlgorithm = $CALG_AES_192
                    Case "AES (256bit)"
                        If @OSVersion = "WIN_2000" Then
                            MsgBox(16, "Error", "Sorry, this algorithm is not available on Windows 2000.")
                            ContinueLoop
                        EndIf
                        $bAlgorithm = $CALG_AES_256
                    Case "DES"
                        $bAlgorithm = $CALG_DES
                    Case "RC2"
                        $bAlgorithm = $CALG_RC2
                    Case "RC4"
                        $bAlgorithm = $CALG_RC4
                EndSwitch
            Case $iEncrypt
                Local $sSourceRead = GUICtrlRead($iSourceInput) ; Read the source filepath input.
                Local $sDestinationRead = GUICtrlRead($iDestinationInput) ; Read the destination filepath input.
                Local $sPasswordRead = GUICtrlRead($iPasswordInput) ; Read the password input.
                ; Check there is a file available to encrypt and a password has been set.
                If StringStripWS($sSourceRead, 8) <> "" And StringStripWS($sDestinationRead, 8) <> "" And StringStripWS($sPasswordRead, 8) <> "" And FileExists($sSourceRead) Then
                    Local $iSuccess = _Crypt_EncryptFile($sSourceRead, $sDestinationRead, $sPasswordRead, $bAlgorithm) ; Encrypt the file.
                    If $iSuccess Then
                        MsgBox(0, "Success", "Operation succeeded.")
                        FileDelete(@SCRIPTDIR & '\Settingstest.ini')
                    Else
                        Switch @error
                            Case 1
                                MsgBox(16, "Error", "Failed to create the key.")
                            Case 2
                                MsgBox(16, "Error", "Couldn't open the source file.")
                            Case 3
                                MsgBox(16, "Error", "Couldn't open the destination file.")
                            Case 4, 5 ; a comma-separated list matches either value ("4 Or 5" evaluates to True and matches neither)
                                MsgBox(16, "Error", "Encryption error.")
                        EndSwitch
                    EndIf
                Else
                    MsgBox(16, "Error", "Please ensure the relevant information has been entered correctly.")
                EndIf
        EndSwitch
    WEnd

DECRYPTION EXAMPLE:

    #include <Crypt.au3>

    Local Const $sUserKey = "CryptPassword" ; Declare a password string to decrypt/encrypt the data.
    Local $sData = "..upon a time there was a language without any standardized cryptographic functions. That language is no more." ; Data that will be encrypted.
    Local $bEncrypted = _Crypt_EncryptData($sData, $sUserKey, $CALG_RC4) ; Encrypt the data using the generic password string.
    $bEncrypted = _Crypt_DecryptData($bEncrypted, $sUserKey, $CALG_RC4) ; Decrypt the data using the generic password string. The return value is a binary string.
    MsgBox(0, "Decrypted data", BinaryToString($bEncrypted)) ; Convert the binary string using BinaryToString to display the initial data we encrypted.

BOTH, IN THE SAME AU3 (my autologin script): I did it a loooooonnnnnnng time ago so I guess you will be able to improve a lot of things.

    Opt("MouseCoordMode", 0)
    Opt("PixelCoordMode", 0)
    #include <Crypt.au3>
    #include <ComboConstants.au3>
    #include <ButtonConstants.au3>
    #include <EditConstants.au3>
    #include <GUIConstantsEx.au3>
    #include <StaticConstants.au3>
    #include <WindowsConstants.au3>
    #include <Date.au3>
    #include <file.au3>

    HotKeySet("{PAUSE}", "Pause")
    HotKeySet("{ESCAPE}", "Exite")
    HotKeySet("{F1}", "Login1")
    HotKeySet("{F2}", "Login2")
    HotKeySet("{F3}", "Login3")
    HotKeySet("{F4}", "Login4")
    HotKeySet("{F5}", "Login5")

    Global $Paused
    Local $Password, $btn, $msg
    Local $a1, $a2, $a3, $a4, $a5
    Local $b1, $b2, $b3, $b4, $b5

    MsgBox(0, "Merci", "Developpé par Jordane Guemara.")
    $SettingsFile = @SCRIPTDIR & '\Settingstestcrypter.ini' ; Location of the ini file for the script
    $Login1 = IniRead($SettingsFile, 'Login', 'Login1', "Corrigez le fichier ini svp")
    $Login2 = IniRead($SettingsFile, 'Login', 'Login2', "Corrigez le fichier ini svp")
    $Login3 = IniRead($SettingsFile, 'Login', 'Login3', "Corrigez le fichier ini svp")
    $Login4 = IniRead($SettingsFile, 'Login', 'Login4', "Corrigez le fichier ini svp")
    $Login5 = IniRead($SettingsFile, 'Login', 'Login5', "Corrigez le fichier ini svp")
    $Pw1 = IniRead($SettingsFile, 'Mot de passes', 'Pw1', "Corrigez le fichier ini svp")
    $Pw2 = IniRead($SettingsFile, 'Mot de passes', 'Pw2', "Corrigez le fichier ini svp")
    $Pw3 = IniRead($SettingsFile, 'Mot de passes', 'Pw3', "Corrigez le fichier ini svp")
    $Pw4 = IniRead($SettingsFile, 'Mot de passes', 'Pw4', "Corrigez le fichier ini svp")
    $Pw5 = IniRead($SettingsFile, 'Mot de passes', 'Pw5', "Corrigez le fichier ini svp")

    ;~ Verify the password
    Password()
    ;~ The tool decrypts the passwords
    Decryptage()
    ;~ The program waits
    While (1)
        Attendre()
    WEnd
    ;~ Functions activated by pressing the keys configured above
    ;~ (never reached here: the loop above does not end, the hotkeys call them)
    Login1()
    Login2()
    Login3()
    Login4()
    Login5()
    Pause()
    Exite()

    ;~ Check of the encryption password
    Func Password()
        GUICreate("Entrez votre mot de passe svp", 200, 70, @DesktopWidth / 2 - 160, @DesktopHeight / 2 - 45, -1, 0x00000018)
        Local $idPassword = GUICtrlCreateInput("Mot de passe", 10, 5, 180, 20, 0x0020)
        GUICtrlSetState(-1, $GUI_DROPACCEPTED)
        $btn = GUICtrlCreateButton("Ok", 20, 35, 60, 20)
        GUISetState()
        $msg = 0
        While $msg <> $GUI_EVENT_CLOSE
            $msg = GUIGetMsg()
            Select
                Case $msg = $btn
                    ExitLoop
            EndSelect
        WEnd
        $Password = GUICtrlRead($idPassword) ; read the typed text; the control ID itself is not the key
        GUISetState(@SW_HIDE)
        ; return to the caller here so that Decryptage() runs (Attendre() never returns)
    EndFunc

    ;~ Decrypt the stored logins and passwords once the password has been typed in
    Func Decryptage()
        $a1 = BinaryToString(_Crypt_DecryptData($Login1, $Password, $CALG_RC4))
        $a2 = BinaryToString(_Crypt_DecryptData($Login2, $Password, $CALG_RC4))
        $a3 = BinaryToString(_Crypt_DecryptData($Login3, $Password, $CALG_RC4))
        $a4 = BinaryToString(_Crypt_DecryptData($Login4, $Password, $CALG_RC4))
        $a5 = BinaryToString(_Crypt_DecryptData($Login5, $Password, $CALG_RC4))
        $b1 = BinaryToString(_Crypt_DecryptData($Pw1, $Password, $CALG_RC4))
        $b2 = BinaryToString(_Crypt_DecryptData($Pw2, $Password, $CALG_RC4))
        $b3 = BinaryToString(_Crypt_DecryptData($Pw3, $Password, $CALG_RC4))
        $b4 = BinaryToString(_Crypt_DecryptData($Pw4, $Password, $CALG_RC4))
        $b5 = BinaryToString(_Crypt_DecryptData($Pw5, $Password, $CALG_RC4))
    EndFunc

    Func Attendre()
        While (1)
            Sleep(1000)
        WEnd
    EndFunc

    Func Login1()
        Sleep(100)
        Send($a1)
        Sleep(500)
        Send("{TAB}")
        Sleep(500)
        Send($b1)
        Sleep(100)
    EndFunc

    Func Login2()
        Sleep(100)
        Send($a2)
        Sleep(500)
        Send("{TAB}")
        Sleep(500)
        Send($b2)
        Sleep(100)
    EndFunc

    Func Login3()
        Sleep(100)
        Send($a3)
        Sleep(500)
        Send("{TAB}")
        Sleep(500)
        Send($b3)
        Sleep(100)
    EndFunc

    Func Login4()
        Sleep(100)
        Send($a4)
        Sleep(500)
        Send("{TAB}")
        Sleep(500)
        Send($b4)
        Sleep(100)
    EndFunc

    Func Login5()
        Sleep(100)
        Send($a5)
        Sleep(500)
        Send("{TAB}")
        Sleep(500)
        Send($b5)
        Sleep(100)
    EndFunc

    ;~ Quit key
    Func Exite()
        Exit
    EndFunc

    ;~ Pause key
    Func Pause()
        $Paused = Not $Paused
        While $Paused
            Sleep(500)
        WEnd
    EndFunc ; => Pause()

Edited September 5, 2018 by caramen

LisHawj (Author) Posted September 5, 2018

@caramen I am not French, and thank you for the examples you provided. The examples are very helpful and I have an idea on how to accomplish the task now. I will test and return if I have any other questions. Again, thank you very much!

LisHawj (Author) Posted September 5, 2018 (edited)

I have completed the tasks I need for encrypting username and password with the help of AutoIT's fantastic community members. I am sharing the stripped down, basic version here in the event someone else comes looking for examples on this topic in the future. This is not the version I use, but it's another easy example that may help someone else. Again, thank you!

    #include <AutoItConstants.au3> ; $STDERR_CHILD, $STDOUT_CHILD (for the commented-out RunAs line)
    #include <Crypt.au3> ; _Crypt_* functions, $CALG_AES_256
    #include <EditConstants.au3> ; $GUI_SS_DEFAULT_INPUT, $ES_PASSWORD
    #include <GUIConstantsEx.au3> ; $GUI_EVENT_CLOSE

    $hOSP_DJ = GUICreate("Windows 10 OS Provisioning Utility", 494, 253, -1, -1)
    $sOSPName = GUICtrlCreateInput("", 205, 156, 153, 21)
    $sOSPPass = GUICtrlCreateInput("", 205, 188, 153, 21, BitOR($GUI_SS_DEFAULT_INPUT, $ES_PASSWORD))
    $hOSP_ButtonOK = GUICtrlCreateButton("Ok", 283, 220, 75, 25)
    $Label1 = GUICtrlCreateLabel("Username", 140, 158, 60, 17)
    GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif")
    $Label2 = GUICtrlCreateLabel("Password", 142, 190, 58, 17)
    GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif")
    $OSDJ_Label1 = GUICtrlCreateLabel("BitLocker encryption phase 1.", 14, 16, 157, 17)
    $OSDJ_Label2 = GUICtrlCreateLabel("Input your user account number and password into the boxes below.", 14, 36, 356, 17)
    $OSDJ_Label4 = GUICtrlCreateLabel("IMPORTANT NOTE - The password is not your VPN password.", 14, 120, 468, 17)
    GUICtrlSetFont(-1, 8, 800, 0, "MS Sans Serif")
    $OSDJ_Label3 = GUICtrlCreateLabel("Please contact your manager if you do not know your user account information.", 14, 56, 388, 17)
    GUISetState(@SW_SHOW)

    Global $sBDE_On = " -on C: -RecoveryPassword"
    Global Const $s3yobhmoobhawj = "NyobZooKuvYogHmoobHawj2018"

    While 1
        $nMsg = GUIGetMsg()
        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                Exit
            Case $hOSP_ButtonOK
                $sOSP_Name = GUICtrlRead($sOSPName)
                $sEncName = _StringEncrypt(True, $sOSP_Name, $s3yobhmoobhawj) ; Encrypt the data using the generic password string.
                $sOSP_IDPW = GUICtrlRead($sOSPPass)
                $sEncPW = _StringEncrypt(True, $sOSP_IDPW, $s3yobhmoobhawj) ; Encrypt the data using the generic password string.
                MsgBox(0,"","The encrypted hash value for Username is: " & $sEncName)
                Msgbox(0,"","The ecnrypted hash value for Password is: " & $sEncPW)
                $sDecryptName = _StringEncrypt(False, $sEncName, $s3yobhmoobhawj) ; Decrypt the data using the generic password string.
                $sDecryptPW = _StringEncrypt(False, $sEncPW, $s3yobhmoobhawj) ; Decrypt the data using the generic password string.
                MsgBox(0,"","The decrypted value for Username is: " & $sDecryptName)
                Msgbox(0,"","The decrypted value for Password is: " & $sDecryptPW)
                ExitLoop
                ;$iPID = RunAs($sDecryptName, "Learning123", $sDecryptPW, 2, @ComSpec & " /c " & "C:\Windows\System32\manage-bde.exe" & $sBDE_On, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
        EndSwitch
    WEnd

    Func _StringEncrypt($bEncrypt, $sData, $sPassword)
        _Crypt_Startup() ; Start the Crypt library.
        Local $vReturn = ''
        If $bEncrypt Then ; If the flag is set to True then encrypt, otherwise decrypt.
            $vReturn = _Crypt_EncryptData($sData, $sPassword, $CALG_AES_256)
        Else
            $vReturn = BinaryToString(_Crypt_DecryptData($sData, $sPassword, $CALG_AES_256))
        EndIf
        _Crypt_Shutdown() ; Shutdown the Crypt library.
        Return $vReturn
    EndFunc ;==>_StringEncrypt

Edited September 5, 2018 by LisHawj
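
An added example, not code from any poster in this thread: the same credential prompt handing the typed values straight to RunAs, with a launch check and the password cleared from the input control afterwards. The domain "Learning123", logon flag 2 and the manage-bde command line are taken from the posts above; the control names and the `_RunBdeAs` function are hypothetical. Encrypting and decrypting with a key stored in the same script does not change what RunAs receives, so the example keeps the plaintext in as few places and for as short a time as it can.

```autoit
#include <AutoItConstants.au3> ; $STDOUT_CHILD, $STDERR_CHILD
#include <EditConstants.au3>   ; $GUI_SS_DEFAULT_INPUT, $ES_PASSWORD
#include <GUIConstantsEx.au3>  ; $GUI_EVENT_CLOSE

; Added example. Domain, logon flag and command line are the thread's values;
; the control names and _RunBdeAs() are hypothetical.
Global Const $sDomain = "Learning123"
Global Const $sBDE_Cmd = @ComSpec & " /c C:\Windows\System32\manage-bde.exe -on C: -RecoveryPassword"

GUICreate("BitLocker encryption phase 1", 300, 115)
GUICtrlCreateLabel("Username", 10, 13, 60, 17)
Global $idUser = GUICtrlCreateInput("", 80, 10, 200, 21)
GUICtrlCreateLabel("Password", 10, 43, 60, 17)
Global $idPass = GUICtrlCreateInput("", 80, 40, 200, 21, BitOR($GUI_SS_DEFAULT_INPUT, $ES_PASSWORD))
Global $idOK = GUICtrlCreateButton("Ok", 205, 75, 75, 25)
GUISetState(@SW_SHOW)

While 1
    Switch GUIGetMsg()
        Case $GUI_EVENT_CLOSE
            Exit
        Case $idOK
            Local $sResult = _RunBdeAs(GUICtrlRead($idUser), GUICtrlRead($idPass))
            GUICtrlSetData($idPass, "") ; do not leave the password in the input control
            MsgBox(0, "manage-bde", $sResult)
    EndSwitch
WEnd

; Launches manage-bde with the supplied credentials and returns its console output.
Func _RunBdeAs($sUser, $sPass)
    If $sUser = "" Or $sPass = "" Then Return "Username and password are required."
    ; The credentials are arguments of RunAs(); the child's command line holds
    ; only the manage-bde path and switches, and nothing is written to disk.
    Local $iPID = RunAs($sUser, $sDomain, $sPass, 2, $sBDE_Cmd, "", @SW_HIDE, BitOR($STDOUT_CHILD, $STDERR_CHILD))
    Local $iErr = @error
    $sPass = "" ; drops this function's copy of the string only
    If $iPID = 0 Or $iErr Then Return "RunAs failed, @error = " & $iErr
    ProcessWaitClose($iPID)
    Return StdoutRead($iPID) & StderrRead($iPID)
EndFunc   ;==>_RunBdeAs
```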