Password Obfuscator Script

by Oct 8, 2013

Ever had the need to store a password in a script? Ever needed to automate a credential dialog? First: storing passwords and other confidential information in scripts is bad. Second: if you must do it, make it at least harder for people to steal information.

Here is a script generator. Run it, and enter a doman/username plus a password. The generator script will then create a new script for you.

$pwd = Read-Host 'Enter Password' 
$user = Read-Host 'Enter Username'
$key = 1..32 | 
  ForEach-Object { Get-Random -Maximum 256 }

$pwdencrypted = $pwd | 
  ConvertTo-SecureString -AsPlainText -Force | 
  ConvertFrom-SecureString -Key $key

$text = @()
$text += '$password = "{0}"' -f ($pwdencrypted -join ' ') 
$text += '$key = "{0}"' -f ($key -join ' ')
$text += '$passwordSecure = ConvertTo-SecureString -String $password -Key ([Byte[]]$key.Split(" "))' 
$text += '$cred = New-Object system.Management.Automation.PSCredential("{0}", $passwordSecure)' -f $user
$text += '$cred'

$newFile = $psise.CurrentPowerShellTab.Files.Add()
$newFile.Editor.Text = $text | Out-String

It contains the obfuscated password script which could look similar to this one:

$password = "76492d1116743f0423413b16050a5345MgB8AFcAMABGAEIANAB1AGEAdQA3ADUASABhAE0AMgBNADUAUwBnAFYAYQA1AEEAPQA9AHwAMgAyAGIAZgA1ADUAZgA0ADIANAA0ADUANwA2ADAAMgA5ADkAZAAxAGUANwA4ADUAZQA4ADkAZAA1AGMAMAA2AA=="
$key = "246 185 95 207 87 105 146 74 99 163 58 194 93 229 80 241 160 35 68 220 130 193 84 113 122 155 208 49 152 86 85 178"
$passwordSecure = ConvertTo-SecureString -String $password -Key ([Byte[]]$key.Split(" "))
$cred = New-Object system.Management.Automation.PSCredential("test\tobias", $passwordSecure)
$cred 

When you run it, it returns a Credential object that you can immediately use to authenticate. Simply pass it to any parameter that expects a credential object.

Again, this is not safe. But you do need a bit more knowledge to get to the embedded password.

Twitter This Tip! ReTweet this Tip!