[新手上路]批处理新手入门导读[视频教程]批处理基础视频教程[视频教程]VBS基础视频教程[批处理精品]批处理版照片整理器
[批处理精品]纯批处理备份&还原驱动[批处理精品]CMD命令50条不能说的秘密[在线下载]第三方命令行工具[在线帮助]VBScript / JScript 在线参考
返回列表 发帖
DAIC

Rank: 8Rank: 8

帖子
2874 
积分
7021 
技术
336  
捐助
0  
注册时间
2011-6-2 
1 跳转到 » 倒序看帖
打印
tT
发表于 2013-12-20 17:20 | 只看该作者

[转载代码] [PowerShell每日技巧]“隐藏”密码(20131210)

How can you securely embed confidential passwords in a PowerShell script? You can't. But you can make it harder for people to discover the secret.

Here is a code generator script that is designed to run inside the PowerShell ISE editor:
  1. # ask for credentials

  2. $cred = Get-Credential

  3. $pass = $cred.Password

  4. $user = $cred.UserName

  5. 

  6. # create random encryption key

  7. $key = 1..32 | ForEach-Object { Get-Random -Maximum 256 }

  8. 

  9. # encrypt password with key

  10. $passencrypted = $pass | ConvertFrom-SecureString -Key $key

  11. 

  12. # turn key and password into text representations

  13. $secret = -join ($key | ForEach-Object { '{0:x2}' -f $_ })

  14. $secret += $passencrypted

  15. 

  16. # create code

  17. $code  = '$i = ''{0}'';' -f $secret

  18. $code += '$cred = New-Object PSCredential('''

  19. $code += $user + ''', (ConvertTo-SecureString $i.SubString(64)'

  20. $code += ' -k ($i.SubString(0,64) -split "(?<=\G[0-9a-f]{2})(?=.)" |'

  21. $code += ' % { [Convert]::ToByte($_,16) })))'

  22. 

  23. # write new script

  24. $editor = $psise.CurrentPowerShellTab.files.Add().Editor

  25. $editor.InsertText($code)

  26. $editor.SetCaretPosition(1,1)
复制代码
When you run it, it asks for a username and a password. Then, it generates a cryptic piece of PowerShell code that you can use in your scripts.

Here's a sample cryptic piece of code generated by the script above:
  1. $i = '73cc7284f9e79f68e9d245b5b2d96c4026397d96cfac6023325d1375414e5f7476492d1116743f0423413b16050a5345MgB8AGgAdABLAEkARABiAFIARgBiAGwAZwBHAHMAaQBLAFoAeQB2AGQAOQAyAGcAPQA9AHwAMgBiADIAMABmADYANwA1ADYANwBiAGYAYwA3AGMAOQA0ADIAMQA3ADcAYwAwADUANAA4ADkAZgBhADYAZgBkADkANgA4ADMAZAA5ADUANABjADgAMgAwADQANQA1ADkAZAA3AGUAMwBmADMAMQAzADQAZgBmADIAZABlADgAZQA=';$cred = New-Object PSCredential('contoso\fabrikam', (ConvertTo-SecureString $i.SubString(64) -k ($i.SubString(0,64) -split "(?<=\G[0-9a-f]{2})(?=.)" | % { [Convert]::ToByte($_,16) })))
复制代码
The cryptic auto-generated script code will define the variable $cred, which will hold a valid credential including the password. You can then use $cred inside of your script wherever a -Credential parameter wants a username and password from you.

http://powershell.com/cs/blogs/tips/archive/2013/12/10/obfuscating-credentials.aspx
收藏 分享

返回列表