标题: [转载代码] [PowerShell每日技巧]“隐藏”密码(20131210) [打印本页]
作者: DAIC 时间: 2013-12-20 17:20 标题: [PowerShell每日技巧]“隐藏”密码(20131210)
How can you securely embed confidential passwords in a PowerShell script? You can't. But you can make it harder for people to discover the secret.
Here is a code generator script that is designed to run inside the PowerShell ISE editor:- # ask for credentials
- $cred = Get-Credential
- $pass = $cred.Password
- $user = $cred.UserName
-
- # create random encryption key
- $key = 1..32 | ForEach-Object { Get-Random -Maximum 256 }
-
- # encrypt password with key
- $passencrypted = $pass | ConvertFrom-SecureString -Key $key
-
- # turn key and password into text representations
- $secret = -join ($key | ForEach-Object { '{0:x2}' -f $_ })
- $secret += $passencrypted
-
- # create code
- $code = '$i = ''{0}'';' -f $secret
- $code += '$cred = New-Object PSCredential('''
- $code += $user + ''', (ConvertTo-SecureString $i.SubString(64)'
- $code += ' -k ($i.SubString(0,64) -split "(?<=\G[0-9a-f]{2})(?=.)" |'
- $code += ' % { [Convert]::ToByte($_,16) })))'
-
- # write new script
- $editor = $psise.CurrentPowerShellTab.files.Add().Editor
- $editor.InsertText($code)
- $editor.SetCaretPosition(1,1)
复制代码
When you run it, it asks for a username and a password. Then, it generates a cryptic piece of PowerShell code that you can use in your scripts.
Here's a sample cryptic piece of code generated by the script above:- $i = '73cc7284f9e79f68e9d245b5b2d96c4026397d96cfac6023325d1375414e5f7476492d1116743f0423413b16050a5345MgB8AGgAdABLAEkARABiAFIARgBiAGwAZwBHAHMAaQBLAFoAeQB2AGQAOQAyAGcAPQA9AHwAMgBiADIAMABmADYANwA1ADYANwBiAGYAYwA3AGMAOQA0ADIAMQA3ADcAYwAwADUANAA4ADkAZgBhADYAZgBkADkANgA4ADMAZAA5ADUANABjADgAMgAwADQANQA1ADkAZAA3AGUAMwBmADMAMQAzADQAZgBmADIAZABlADgAZQA=';$cred = New-Object PSCredential('contoso\fabrikam', (ConvertTo-SecureString $i.SubString(64) -k ($i.SubString(0,64) -split "(?<=\G[0-9a-f]{2})(?=.)" | % { [Convert]::ToByte($_,16) })))
复制代码
The cryptic auto-generated script code will define the variable $cred, which will hold a valid credential including the password. You can then use $cred inside of your script wherever a -Credential parameter wants a username and password from you.
http://powershell.com/cs/blogs/tips/archive/2013/12/10/obfuscating-credentials.aspx
欢迎光临 批处理之家 (http://www.bathome.net/) |
Powered by Discuz! 7.2 |