none
Save Encrypted password in vbscript RRS feed

  • Question

  • Hi All,

    I have a logon script, that requires an external application to be executed as administrator.How can I run the external program as runas?

    I can use the admin username and password in the script; which will reduce the security to zero.

    Is there a way to use encrypted password in the script, or encrypting the entire script itself.

     

    Thanks in Advance,

    Ranjith

     

    Wednesday, June 23, 2010 7:31 AM

Answers

  • Let's be honest though most security is just to obfuscate. 

    Here's a little Sub I found to create an md5 hash for a pasword, technically about as safe as most OSs stor them.  run this script and put the password into the box when asked.  That'll convert it to the hashed password.  Add the encryptkey to the top of your script and the Sub to the bottom.  Now anywhere in your script you need your password you can use RC4Initialize("YourHash").  If you ever need to see the password like you forget it.  Just run the script again and put in the hash. It will spit out the plain text password. This is very much an obfuscation but like I said what isn't.

       Dim sbox(255)
       Dim key(255)
       Dim Encryptkey
       Dim EncryptStr
       Dim Encryptedstr

       Encryptkey = "ScrambleMe"
       EncryptStr = InputBox("String")

     Encryptedstr = EnDeCrypt(EncryptStr,Encryptkey)
    testresult = InputBox("String","test",Encryptedstr)


       Sub RC4Initialize(strPwd)
       ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
       ':::  This routine called by EnDeCrypt function. Initializes the :::
       ':::  sbox and the key array)                                    :::
       ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

          dim tempSwap
          dim a
          dim b

          intLength = len(strPwd)
          For a = 0 To 255
             key(a) = asc(mid(strpwd, (a mod intLength)+1, 1))
             sbox(a) = a
          next

          b = 0
          For a = 0 To 255
             b = (b + sbox(a) + key(a)) Mod 256
             tempSwap = sbox(a)
             sbox(a) = sbox(b)
             sbox(b) = tempSwap
          Next
      
       End Sub
      
       Function EnDeCrypt(plaintxt, psw)
       ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
       ':::  This routine does all the work. Call it both to ENcrypt    :::
       ':::  and to DEcrypt your data.                                  :::
       ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

          dim temp
          dim a
          dim i
          dim j
          dim k
          dim cipherby
          dim cipher

          i = 0
          j = 0

          RC4Initialize psw

          For a = 1 To Len(plaintxt)
             i = (i + 1) Mod 256
             j = (j + sbox(i)) Mod 256
             temp = sbox(i)
             sbox(i) = sbox(j)
             sbox(j) = temp
      
             k = sbox((sbox(i) + sbox(j)) Mod 256)

             cipherby = Asc(Mid(plaintxt, a, 1)) Xor k
             cipher = cipher & Chr(cipherby)
          Next

          EnDeCrypt = cipher

       End Function

    Thursday, July 1, 2010 12:21 PM
  • "Ranjith_sk" <=?utf-8?B?UmFuaml0aF9zaw==?=> wrote in message news:85f6e908-db0a-495b-ab4c-548b4ca2c8b3...

    Hi Matthew,

     

    I got Windows Script Encoder from Microsoft site and is fitting to my requirement.

    Thanks for the reply.

    Windows Script Encoder 1.0 can be downloaded from following link.

    http://download.microsoft.com/download/0/0/7/0073477f-bbf9-4510-86f9-ba51282531e3/sce10en.exe

    Using Script Encoder

    http://msdn.microsoft.com/en-us/library/cbfz3598%28VS.85%29.aspx

    Regards,

    Ranjith

      Be careful with this! An encoded script is easily decoded:
     
     
    Monday, June 28, 2010 7:30 PM

All replies

  • Hi Ranjith

    Have you considered installing a windows service and using it to execute the the application or use psexec.exe as local system on computer startup.

    http://technet.microsoft.com/en-us/library/ee198763.aspx

    Cheers Matt :)

     

    Wednesday, June 23, 2010 9:19 AM
    Moderator
  • Hi Matthew,

     

    I got Windows Script Encoder from Microsoft site and is fitting to my requirement.

    Thanks for the reply.

    Windows Script Encoder 1.0 can be downloaded from following link.

    http://download.microsoft.com/download/0/0/7/0073477f-bbf9-4510-86f9-ba51282531e3/sce10en.exe

    Using Script Encoder

    http://msdn.microsoft.com/en-us/library/cbfz3598%28VS.85%29.aspx

    Regards,

    Ranjith

    Monday, June 28, 2010 4:34 PM
  • "Ranjith_sk" <=?utf-8?B?UmFuaml0aF9zaw==?=> wrote in message news:85f6e908-db0a-495b-ab4c-548b4ca2c8b3...

    Hi Matthew,

     

    I got Windows Script Encoder from Microsoft site and is fitting to my requirement.

    Thanks for the reply.

    Windows Script Encoder 1.0 can be downloaded from following link.

    http://download.microsoft.com/download/0/0/7/0073477f-bbf9-4510-86f9-ba51282531e3/sce10en.exe

    Using Script Encoder

    http://msdn.microsoft.com/en-us/library/cbfz3598%28VS.85%29.aspx

    Regards,

    Ranjith

      Be careful with this! An encoded script is easily decoded:
     
     
    Monday, June 28, 2010 7:30 PM
  • Be careful with this! An encoded script is easily decoded:
     
     

    x2

    I totally agree with Ranjith, script encoding is easy to decode, In my opinion The script encoder exists only to obfuscate the code not as a security measure.

    cheers

    shane

     


    Shane Hoey psugbne.org | Powershell Usergroup Brisbane
    Tuesday, June 29, 2010 3:49 AM
  • Let's be honest though most security is just to obfuscate. 

    Here's a little Sub I found to create an md5 hash for a pasword, technically about as safe as most OSs stor them.  run this script and put the password into the box when asked.  That'll convert it to the hashed password.  Add the encryptkey to the top of your script and the Sub to the bottom.  Now anywhere in your script you need your password you can use RC4Initialize("YourHash").  If you ever need to see the password like you forget it.  Just run the script again and put in the hash. It will spit out the plain text password. This is very much an obfuscation but like I said what isn't.

       Dim sbox(255)
       Dim key(255)
       Dim Encryptkey
       Dim EncryptStr
       Dim Encryptedstr

       Encryptkey = "ScrambleMe"
       EncryptStr = InputBox("String")

     Encryptedstr = EnDeCrypt(EncryptStr,Encryptkey)
    testresult = InputBox("String","test",Encryptedstr)


       Sub RC4Initialize(strPwd)
       ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
       ':::  This routine called by EnDeCrypt function. Initializes the :::
       ':::  sbox and the key array)                                    :::
       ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

          dim tempSwap
          dim a
          dim b

          intLength = len(strPwd)
          For a = 0 To 255
             key(a) = asc(mid(strpwd, (a mod intLength)+1, 1))
             sbox(a) = a
          next

          b = 0
          For a = 0 To 255
             b = (b + sbox(a) + key(a)) Mod 256
             tempSwap = sbox(a)
             sbox(a) = sbox(b)
             sbox(b) = tempSwap
          Next
      
       End Sub
      
       Function EnDeCrypt(plaintxt, psw)
       ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
       ':::  This routine does all the work. Call it both to ENcrypt    :::
       ':::  and to DEcrypt your data.                                  :::
       ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

          dim temp
          dim a
          dim i
          dim j
          dim k
          dim cipherby
          dim cipher

          i = 0
          j = 0

          RC4Initialize psw

          For a = 1 To Len(plaintxt)
             i = (i + 1) Mod 256
             j = (j + sbox(i)) Mod 256
             temp = sbox(i)
             sbox(i) = sbox(j)
             sbox(j) = temp
      
             k = sbox((sbox(i) + sbox(j)) Mod 256)

             cipherby = Asc(Mid(plaintxt, a, 1)) Xor k
             cipher = cipher & Chr(cipherby)
          Next

          EnDeCrypt = cipher

       End Function

    Thursday, July 1, 2010 12:21 PM
  • Hi Ranjith,

    I'm cleaning up some older posts,  can you mark the best answers so this thread can be closed off, 

    thanks

    shane

     


    Shane Hoey scriptingdownunder.com | Scripting Downunder psugbne.org | Powershell Usergroup Brisbane
    Monday, August 16, 2010 11:06 PM
  • I know this is an old thread but I used the script encoder to to encode a vbs script that I use in our server provisioning system. The script renames the admin and sets the password to our standard. the vbs script works but the vbe (encoded one) fails with error "expected statement line 1 character 1". I encoded the script on a windows 7 desktop but am running it on 2008 R2 servers. Any suggestions would be great. Thanks in advance
    Tuesday, October 8, 2013 2:43 PM