none
How to "reverse" ConvertTo-SecureString?

    Question

  • Hi,

    I am doing some work with ADFS and in particular, trying to understand the info at:

    https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-to-authenticate-users-stored-in-ldap-directories

    On that page, it has:

    $ldapuser = ConvertTo-SecureString -string "uid=admin,ou=system" -asplaintext -force

    but I was wondering how to "reverse" that, i.e., how to retrieve the original "uid=admin,ou=system" string?

    I tried:


    PS E:\> $plainldapUser = ConvertFrom-SecureString $ldapuser

    PS E:\> echo $plainldapuser

    but the output of that is:

    01000000d08c9ddf0115d1118c7a00c04fc297eb0100000097f94968cc4d604f9f9cc0763a5fbf400000000002000000000003660000c00000001000
    0000170daff30c2c700c3507c581a52dc00a0000000004800000a000000010000000627bfd0e6da2bd85a2a2cf0a72bc81c0280000004afdd29f9731
    2a62de0ba6958ca8ad7196b24644b2330e69d0edcd1c0c25a2e140d4e3cae900f51b140000000b5fac5824547d8b65714142457d5bc5acb89638

    instead of:

    uid=admin,ou=system

    Thanks,

    Jim


    • Edited by jimcpl Wednesday, December 5, 2018 10:17 AM
    Wednesday, December 5, 2018 10:16 AM

All replies

  • It's funny they call it a secure string when there is a trivial way to reverse it.

    $PasswordPTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($ldapuser) $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($PasswordPTR)

    #Free up the memory used after you are done with the pointer [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($PasswordPTR)


    • Marked as answer by jrvModerator Wednesday, December 5, 2018 1:25 PM
    • Unmarked as answer by jrvModerator Wednesday, December 5, 2018 1:25 PM
    • Proposed as answer by jrvModerator Wednesday, December 5, 2018 1:25 PM
    Wednesday, December 5, 2018 10:38 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.


    Best Regards,

    Lee


    Just do it.

    Thursday, December 6, 2018 8:37 AM
    Moderator
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee


    Just do it.

    Tuesday, December 11, 2018 6:38 AM
    Moderator