Passing a Password Variable

Comments

6 comments

  • Colby Bouma

    No, Deploy can't do that natively. It sounds like you already found this blog, but just in case: https://www.pdq.com/blog/secure-password-with-powershell-encrypting-credentials-part-2/

    1
    Comment actions Permalink
  • Fredrich Radloff

    I was afraid you'd say that. Yes, I've been working with that blog post. I think that works correctly, but this particular .exe installer doesn't like being called from Powershell.

    I'm pretty sure I'm just formatting my Powershell incorrectly and this is purely a Powershell issue at this point. Attempting to create the script in ISE and running it locally, it seems like it doesn't run the same as it does from PDQ.

    I've tried different forms of passing arguments:
    & .\installer.exe /silentswitch /otherswitch /uninstallpassword $password
    .\installer.exe /silentswitch /otherswitch /uninstallpassword $password
    Start-Process ".\installer.exe" -ArgumentList "/silentswitch /otherswitch /uninstallpassword $password"
    Start-Process ".\installer.exe" -ArgumentList "/silentswitch","/otherswitch","/uninstallpassword $password"
    and so on.

    1
    Comment actions Permalink
  • Colby Bouma

    Does it throw an error, or does it just fail silently? Does the password have any special characters or spaces in it? Have you tried outputting the password (using a fake password) to make sure the decryption is working on the target?

    1
    Comment actions Permalink
  • Fredrich Radloff

    It fails silently. Hmm, yeah I didn't think to escape special characters. Uh, how can I even do that in a secure string?
    *2 seconds of Google later*
    I'll try a hex string and see how that goes, I guess?

    Yeah, when I've tried outputting the variable it just prints out "System.Security.SecureString" which, I suspected was supposed to happen. Here's my current horrible code:

    $PasswordFile = "pass.txt"
    $KeyFile = "AES.key"
    $Key = Get-Content $KeyFile
    $CPass = (Get-Content $PasswordFile | ConvertTo-SecureString -Key $Key)
    $app = '.\genericantivirusinstaller.exe'
    $arg1 = '/switch1'
    $arg2 = '/switch2'
    $arg3 = '/removeswitch 1'
    $arg4 = '/uninstallpassword ' + "$CPass"

    & $app $arg1 $arg2 $arg3 $arg4

    When I output $CPass is when I get the above mentioned output. It might be that I've messed up the conversion of the password into a secure string. Even doing ConvertFrom-SecureString -AsPlainText throws an error....
    *An additional second of Google and caffeine heightened reading comprehension*
    Okay, so I missed the fact that this parameter, -AsPlainText, was added in Powershell 7... which I'm not running.

    I'll continue blundering through this until I find out where I went wrong.

    0
    Comment actions Permalink
  • Colby Bouma

    Oops. It's been a long time since I've worked with SecureString objects. I forgot that they made it difficult to convert them back to plaintext.

    https://stackoverflow.com/a/57431985

    Sorry about sharing that as a screenshot. Zendesk keeps marking my comment as spam when I try to post the actual text.

    0
    Comment actions Permalink
  • Fredrich Radloff

    Yep, that did it. I was able to get the plain text with the -AsPlainText parameter in PS 7, but I didn't have any intention of putting 7 on my endpoints.

    However, your code snippet worked for me! I was about to mess with BSTR, whatever that is. Thanks! Now, I've got a working Deploy package!

    0
    Comment actions Permalink

Please sign in to leave a comment.