Obfuscating password in batch script

security batch-file passwords cmd
13,748

Solution 1

You could also hide the password in an alternate data stream:

First, add the somewhat secret password to an alternate data stream of your script:

echo somewhatsecretpassword>script.bat:pwd

Here's how to retrieve the password into the variable %p%:

for /f "usebackq delims=" %i in (script.bat:pwd) do set p=%i

From within the batch file itself you may use something like:

for /f "usebackq delims=" %%i in (%~0:pwd) do set p=%%i

This is not secure!

Please consider:

  • This is not secure!
  • Alternate data streams do not get copied everywhere (FAT)
  • Passwords containing special characters may need to be escaped in order to get written correctly to the stream
  • ... it is not secure

Solution 2

Another option might be to obfuscate a "password", which is not secure at all but might be sufficent in certain situations

:main
set a=pas
set b=rd
set /p input=
if %input%==%a%swo%b% goto start
:start
<your code here>
goto main

the password is "password", but it's a bit obfuscated.

Share:
13,748
tnw
Author by

tnw

Updated on June 14, 2022

Comments

  • tnw
    tnw almost 2 years

    I have a batch script with a password sitting in it as part of a command that requires credentials that I do not want to prompt for credentials. I am not worried about external threats, but I don't really want a co-worker going in there and seeing that password. While I trust them not to abuse it, I'd rather not have it there at all.

    I was able to do this pretty easily with PowerShell by just storing a secure string in a text file. Pretty basic, but at least there's no plain text passwords laying around. That's all I really need.

    How can I obfuscate a password in a batch script?

  • LS_ᴅᴇᴠ
    LS_ᴅᴇᴠ over 10 years
    I would recommend using command-line immediately in FOR to avoid storing password in environment variables.
  • Charemer
    Charemer about 6 years
    nitpicky grammar: 'You could also hide the password in a[n] alternate data stream'. the 'an' form is always used when the following word begins with a vowel sound (compare 'a engine' with 'an engine'). Solution is just what I was looking for though - just enough to prevent the superficially curious and for the secret to be lost if the file is copied away.
  • Justin German
    Justin German about 6 years
    @Charemer I just corrected it, I did get it right on the second line....

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Is the c++ hash function reasonably safe for passwords?
password limitations in SQL Server and MySql
Get only ethernet MAC-address via command prompt
Redirect output of command in for loop of batch script
How to start PowerShell script from BAT file with proper Working Directory?
.bat to stop windows Update
Show balloon notifications from batch file
Running multiple commands simultaneously
Unzip all zip files in all subfolders
How can I encrypt password in a batch file?