I'd like help in setting password in a batch file but without exposing password.
If I SET password="abc123", I don't want abc123 to be visible in the batch file, as other people will be running the .bat file.
There is unfortunately no good solution to hide a password in batch
Even if you crypt it, change it to HEX, hide it in an Alternative Data Stream (ADS) or whatever you want.
At a moment you have to test the value in your code with an IF test.
At this point the password, crypted or not, will be visible or settedin a variable that can be echoed.
You can also compress your BAT in a self-extracting .EXE, but this is very easy to crack, while the .BAT file have to be decompressed before you run it (in the %temp% folder).
So there is no way to really hide a password in a .BAT file
You can try this method : Password hidden using ADS
create and save your batch file
use the ECHO command to 'place' your password into an ADS attached
to your batch file
use redirection to read the password from the ADS (Alternative Data
Stream) file
Related
I want to create an encrypted file containing some important passwords. Ideally, I would be able to open that file in a plaintext editor and edit passwords just like I would with any other plaintext file.
I've seen different suggestions to create an encrypted disk image for the folder containing the password file to be encrypted. However, I'd have to re-create that disk image every time I wanted to edit the password file, which seems excessive.
This is my file, secrets.yaml:
google.com:
username: mygoogleusername
password: mygooglepassword
facebook.com:
username: myfacebookusername
password: myfacebookpassword
How can I password-protect this file? Is it sufficient to run something like chmod 600 secrets.yaml (i.e. assign read-write to the owner of the file only)?
You will have to use tools for individual file encryption, like AxCrypt. It can do 128, 256-bit encryption for an individual file of any kind, by setting a key as you expect, and only you can open the file.
AxCrypt
A common method to block websites is to go this directory.
C->System32–>drivers–>etc and add the exceptions to the 'hosts' file.
But anybody can re-edit the file and remove the exceptions.
So..is there some kind of batch programming to block certain websites ?
You have a few options for this.
Change admin rights and set up yourself as the supervisor and everyone else as something else and lock edit permissions.
Write a bat file that opens both the internet and a second bat file that reads the website to the host file. If you do this every single time they start the web browser they will add the website back to the blocked list in the background forcing them to exit if they want to change it and if that happens they will reblock the website when they open the web browser again. Effective and out of some peoples abilities bypass.
Example can be found here: http://www.makeuseof.com/tag/launch-multiple-programs-single-shortcut-using-batch-file/
Similar to the method above add that bat file to launch when someone access's the hosts file with a timeout function to rewrite the hosts file after some amount of time...
Password protecting the system 32 folder but this could prove problematic for a plethora of reasons.
i got an idea to make something like keychain with keys, which will contain possible passwords to extract my password protected archives. So passwords will stay hidden, but user will still able to extract archive without knowing password.
Problem is if i send password via parameter it is shown in command line parameters.
set mypass=12345
unrar.exe x test.rar -p%mypass%
i tried also send pass via echo but it doesnt seems to work
#echo off
#echo 12345 | unrar.exe x test.rar -p
How to solve this?
The unrar executable does not provide a mechanism to securely accept the archive password. It is accepted in plain text form. There's no getting away from that and you should stop trying to do so.
Use the rar DLL interface instead which gives a slightly increased level of obfuscation. Of course, a moderately determined hacker could inspect the parameters that are being passed. Or inspect the file that is being extracted.
Using of #echo off is the correct approach.
Do note that when you call
#echo something
that "something" is always shown even when you disabled the echo using #echo off.
Also I agree with Uli Gerhardt about the use of unrar.dll instead as this will give you even better control over the extracting process.
EDIT: If you put this code into batch file (*.bat) you will see that the commands won't be shown.
#echo off
set mypass=12345
notepad %mypass%
Same should apply when sending commands from your application.
EDIT2: Do you know that you can even find already made Delphi component which alows you to make use of unrar.dll?
Check at bottom of this page: http://www.rarlab.com/rar_add.htm
I am using command line with bash in Mac OS X. I will ask in my script:
Enter your password?
>
Do you want to save it and do not ask this more?
The password is to unzip a file. To do this, it always has to be entered, but I want it to only be entered once.
I can easily save it in a text file, but that is too obvious.
So I want to save it in the system. Windows has the "Windows Registry". Is there a similar system in Mac OS X (or Unix) that I can save it in and it will not be lost?
Or is there another way to save the password and it will be more secure? I know if someone runs the script with debug mode (showing how the command line is created) he will easy find the password, but he will have to get the computer, so is a kind of physical security.
You could do it the way system passwords are stored: use a plain text file but store a checksum instead of plain text password. It would be best of the file wasn't accessible to the user, but even if it is, it's not that easy to reverse a checksum. Suppose you read the password into variable password. Then, you could do something like echo "$password" | sha1sum - > password_file. Then at next login, run the password provided by user through the same command and compare results. This way you can check if they entered the correct password without storing the password in cleartext.
Either use your OS's keyring (OSX has something like this), or store it in plain text. Don't pretend that you are secure when you are not. If you cannot store things securely, then store them in plain sight, so the user is not given a false sense of security.
How can I create a new file with a file format of say .kuy.This file would be holding encrypted data. And then later I could choose that file with extension .kuy to decrypt. So if I encrypted soundfile.aup, the encrypted file would be soundfile.aup.kuy, then the user would proceed to decrypting that file in which case the output would be soundfile.aup.
Thank you,
Bobby
You can assign a file extension to your application by going to your Target's info window and selecting the Properties tab:
After that, you just need to add your desired extension when you save a file.
As Steve suggests, first you have to create a custom file format. After that, whenever a custom file gets open - double click or whatever - its path will be passed to application:openFile:. http://developer.apple.com/library/mac/documentation/Cocoa/Reference/NSApplicationDelegate_Protocol/Reference/Reference.html#//apple_ref/doc/uid/TP40008592-CH1-SW29
Once you have the path, do your logic and you should be fine.