Powershell Fun :P

[luke127]

Ok CarnageX... I took your advice like 8 months later. I'm finally deciding to get into powershell. Now the question is, how do I create a secure password verification system.

I can do this:

$SecurePassword = Read-Host -Prompt 'Type the password' -AsSecureString

but then the password is stored as a secure string and I'm not sure if it's possible to compare two secure strings to one another since they'd be generated with different encryption keys. Anyone got any ideas?

I'm attempting to take this:

%password%=Example
set/p pass=Type the password
IF %pass%==%password% goto Login
else goto Fail

and make it more secure by encrypting the login details as secure strings.

EDIT: I looked at using two .txt files and using them for references, however I'd prefer it if I could simply just have it all in the one file like it was in batch, using the user input and verifying against an encrypted string inside the file. The AES key could be stored in the program file because quite frankly, I don't think high school students are going to have the level of intelligence required to decrypt a 256 bit AES string using a 32 bit byte array.

OR I could set it up so that you need the AES Key and the password as user input, otherwise it fails. Any way to do this?

 

[carnageX]

Checked here?
Compare secure strings entered through powershell

 

[luke127]

I've read that article. That's comparing two inputs. That'd be useless if someone already knew the password. I'm looking for a method of using Secure Keys with AES and referencing that internally.

I'll use a bit of batch terminology to explain what I'm trying to do, and then we can convert it over.

$password = (upper and lowercase letters in a long encrypted string)
$userinput = Read-Host 'Enter Password' -AsSecureString
$userinput2 = Read-Host 'Enter AES Encryption Key'
Decrypt pass using $userinput2 and $password
IF $userinput = $password goto Login
Else goto fail.

EDIT: This article mentions the AES Secure Keys I'm talking about. But it stores the password and the AES key in external .txt files which isn't ideal.

http://www.adminarsenal.com/admin-a...with-powershell-encrypting-credentials-part-2

EDIT 2: I'll be back in an hour, got extension maths after recess. I've got another study period then, and we can talk.

 

[carnageX]

"Hey Scripting Guy!" has a lot of good PowerShell tips:
Decrypt PowerShell Secure String Password - Hey, Scripting Guy! Blog - Site Home - TechNet Blogs

Why not start using an actual programming language rather than a scripting language? PowerShell is meant more for windows administration tasks / automation.

 

[luke127]

Powershell language is similar to a programming language in terms of its writing. Learning an actual language is the next step in the evolution of my skill set.

 

[carnageX]

Eh...coming from a .NET developer, the syntax is pretty weird and I constantly have to look up how to do things if I want to do anything in PowerShell. It's not very intuitive to actually use / program with (though it is indeed very powerful). Granted that's partly because I'm not super familiar with it, but it's still a bit obscure, IMO.

If you're wanting to do little utilities like this, then I'd definitely look into a language that's not meant for scripting / administration & automation tasks.

 

[luke127]

I'm also looking into Python, although it needs its own stuff to be installed for it to work. I like powershell because it runs on any current windows system (unless the execution policy is set to restricted, but there are ways around that)

 

[carnageX]

^ .NET applications will run on any Windows system as well .

 

[S0ULphIRE]

Dissing powershell behind my back eeyyy carnage?

@Luke, you mentioned this is for students - will it be run inside an AD environment?

 

[luke127]

Indeed it will be S0UL. A lot of the group policy objects that restricted things like Command prompt have been removed after we switched from Roaming Profiles to Mandatory profiles. Folder redirection to the H:\ drive was enabled, and so if I open powershell the default directory is H:\. I can bypass the Execution Policy using a batch script to execute the Ps file.

Amusingly if I do Win+R and execute cmd from there, it brings up Doman\Username, but won't let me "cd H:\" xD Anyways.

The IT's reasoning was that we're not admins, so there's really no need to have all those restrictions slowing down logins. Fair enough, (for most users. But I'm not most users xD I love screwing with their ****, trying to find a glitch that'll give me access to stuff I shouldn't have xD)