Secured Password in Powershell Script

Honky

Hello WinSCP Gurus,

Is there any possibility to use an encrypted password (like in the GUI) in my PowerShell script?

param (
    $localPath = "F:\Test-Sync01\",
    $remotePath = "/Test-Sync01/"
)

try
{
    # Load WinSCP .NET assembly
    Add-Type -Path "F:\syncapp\WinSCPnet.dll"

    # Setup session options
    $sessionOptions = New-Object WinSCP.SessionOptions
    $sessionOptions.Protocol = [WinSCP.Protocol]::Sftp
    $sessionOptions.HostName = "server08"
    $sessionOptions.UserName = "syncusr"
    $sessionOptions.Password = "BLBALBLA"
    $sessionOptions.SshHostKeyFingerprint = "ssh-rsa 1024 13:d3:ef:ee:4d:cc:22:31:04:aa:1e:cd:7b:c7:42:02"
    $session = New-Object WinSCP.Session

    try
    {
        # Connect
        $session.Open($sessionOptions)

        # Synchronize the local directory to the remote one
        # (Remote mode modifies the remote side, so transfers are uploads), collect results
        $synchronizationResult = $session.SynchronizeDirectories(
            [WinSCP.SynchronizationMode]::Remote, $localPath, $remotePath, $False)

        # Iterate over every upload
        foreach ($upload in $synchronizationResult.Uploads)
        {
            echo $upload.FileName
            # Success or error?
            if ($upload.Error -eq $Null)
            {
                Write-Host ("Upload of {0} succeeded, removing from source" -f
                    $upload.FileName)

                try
                {
                    # -ErrorAction Stop so that a failed delete reaches the catch block
                    Remove-Item $session.EscapeFileMask($upload.FileName) -ErrorAction Stop
                    Write-Host ("Removing of file {0} succeeded" -f
                        $upload.FileName)
                }
                catch [Exception]
                {
                    Write-Host ("Removing of file {0} failed" -f
                        $upload.FileName)
                }
            }
            else
            {
                Write-Host ("Upload of {0} failed: {1}" -f
                    $upload.FileName, $upload.Error.Message)
            }
        }
    }
    finally
    {
        # Disconnect, clean up
        $session.Dispose()
    }

    exit 0
}
catch [Exception]
{
    Write-Host $_.Exception.Message
    exit 1
}

Thanks in advance!

Honky

Found it:

1. Generate Hash in PowerShell:

Read-Host 'Enter password' -AsSecureString |
ConvertFrom-SecureString |
Out-File 'C:\password.txt'

2. Copy/Paste Hash from password.txt

3. Replace
$sessionOptions.Password = "BLBALBLBA"
with
$sessionOptions.SecurePassword = ConvertTo-SecureString "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d5e66e657ce0264d9cdffd82e583fec00000000002000000000003660000c00000001000000005351f863d78e0364289ed60022d65a30000000004800000a000000010000000467b753a60f8a4ef0b612880c92ec6c730000000b87f47ffd9c5bafbc1a2a3d39e520199e8b10cb571aa97cd9ec2c43b86fed4fb0c1e40d3b5fc81ecc04dd79f1f71f942140000001c829482c76164fa43e7af395ff2ca3db611821b"

Piercenz
Guest

I'm a little bit confused by this approach... Yes, the password is not stored in the script as plain text, but if I debug the script after the SessionOptions object has been initialized with the SecurePassword, I can see the decoded password as plain text in the Password property of the SessionOptions?

So essentially anyone can pick up my script, run it in debug mode and see the decrypted password?

I feel like I'm missing something here...

martin
Site Admin

Piercenz wrote:

I'm a little bit confused by this approach... Yes, the password is not stored in the script as plain text, but if I debug the script after the SessionOptions object has been initialized with the SecurePassword, I can see the decoded password as plain text in the Password property of the SessionOptions?

So essentially anyone can pick up my script, run it in debug mode and see the decrypted password?

I feel like I'm missing something here...

The password is encrypted using your Windows credentials. So if someone picks up the script, he/she won't be able to decode the password, unless that person knows your Windows credentials (or has access to your Windows session).
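
The approach from this thread with the protected string read from a file at run time instead of pasted into the script, as an added example that is not part of the original posts. The file path and demo password are constructed, and Windows PowerShell 5 or later is assumed; it shows both points raised above: the string only decrypts under the Windows account that created it, and code running as that account can still read the plain text.

```powershell
# Added example, not code from the thread. The file path and demo password are constructed.
$blobPath = Join-Path $env:TEMP 'sync-password.txt'

# Step 1 (one time, run as the Windows account that will run the sync script).
# Interactively this would be:
#   Read-Host 'Enter password' -AsSecureString | ConvertFrom-SecureString | Out-File $blobPath
# A constructed password stands in here so that the example runs unattended.
ConvertTo-SecureString 'Constructed-Demo-Pw1' -AsPlainText -Force |
    ConvertFrom-SecureString |
    Out-File $blobPath

# Step 2: the script reads the protected string at run time.
# Without -Key, ConvertFrom-SecureString protects the value with Windows DPAPI for the
# current user, so decryption fails when the file is read under another Windows account.
try
{
    $securePassword = Get-Content $blobPath | ConvertTo-SecureString -ErrorAction Stop
}
catch
{
    throw "Cannot decrypt ${blobPath} as $($env:USERNAME): $($_.Exception.Message)"
}

# Step 3: hand the SecureString to WinSCP (DLL path as in the script above).
$dll = 'F:\syncapp\WinSCPnet.dll'
if (Test-Path $dll)
{
    Add-Type -Path $dll
    $sessionOptions = New-Object WinSCP.SessionOptions
    $sessionOptions.SecurePassword = $securePassword
}

# What the protection does not cover: any code running as the same user can
# turn the SecureString back into plain text, which is what the debugger shows.
$plain = [System.Net.NetworkCredential]::new('', $securePassword).Password
Write-Host ("Plain text recoverable in this session: {0}" -f ($plain -eq 'Constructed-Demo-Pw1'))

# Clean up the demo file
Remove-Item $blobPath
```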
