Inputting word from a file as a variable.

[Guest]

I need to set a password in a script but you can't be allowed to see it in
the script source code.
That leaves me with two options:
1) Have the script ask for input, and when it's typed in it mustn't show the
characters being typed in.

2) Have two files, each with one half of the password and have the script
read the password from those files.

I have no idea how to do 1) and I originally thought I could do 2) by doing
this:
FOR /f "tokens=1" %%A IN (pass1.txt) DO (SET pass1=%%A)
FOR /f "tokens=1" %%A IN (pass2.txt) DO (SET pass2=%%A)
I have now discovered that this does not seem to work...

Can anyone tell me how I can perform either of these operations?
I'm fairly new to CMD scripting...

--
Cheerio,
Lars Petersson
MCSA: Messaging
X-Posted to:
microsoft.public.windows.server.general
microsoft.public.win2000.cmdprompt.admin

 

[Todd Vargo]

I need to set a password in a script but you can't be allowed to see it in
the script source code.
That leaves me with two options:
1) Have the script ask for input, and when it's typed in it mustn't show the
characters being typed in.

2) Have two files, each with one half of the password and have the script
read the password from those files.

I have no idea how to do 1) and I originally thought I could do 2) by doing
this:
FOR /f "tokens=1" %%A IN (pass1.txt) DO (SET pass1=%%A)
FOR /f "tokens=1" %%A IN (pass2.txt) DO (SET pass2=%%A)
I have now discovered that this does not seem to work...

Can anyone tell me how I can perform either of these operations?
I'm fairly new to CMD scripting...

Since anyone can open a batch file and insert an "ECHO %password%&pause" in
the batch, using separate files pretty much does not matter. Here is another
way to obfuscate the password from casual users in a batch. You could even
use a combination of this method with separate files, but as mentioned, the
password can be exposed if echoed.

@echo off
setlocal enableextensions
(set s=ABCDEFGHIJKLMNOPQRSTUVWXYZ)
(set p=%s:~18,1%%s:~-8,1%)
(set p=%s:~11,1%%s:~4,1%%p%)
(set p=%p% %s:~-2,1%)
(set p=%s:~3,1% %s:~1,1%%p%)
echo password=%s:~6,1%O%p%O%s:~20,1%!

 

[Al Dunbar [MS-MVP]]

Since anyone can open a batch file and insert an "ECHO %password%&pause" in
the batch, using separate files pretty much does not matter. Here is another
way to obfuscate the password from casual users in a batch. You could even
use a combination of this method with separate files, but as mentioned, the
password can be exposed if echoed.

@echo off
setlocal enableextensions
(set s=ABCDEFGHIJKLMNOPQRSTUVWXYZ)
(set p=%s:~18,1%%s:~-8,1%)
(set p=%s:~11,1%%s:~4,1%%p%)
(set p=%p% %s:~-2,1%)
(set p=%s:~3,1% %s:~1,1%%p%)
echo password=%s:~6,1%O%p%O%s:~20,1%!

That still falls to the "echo %password%&pause" attack. I'd recommend
generating a less predictable password using %random%:

@echo off
setlocal enableextensions enabledelayedexpansion
(set password=)
for /l %%R in (1,1,12) do (set password=!password!!random:~-1!)
echo/password="%password%" & pause

The usual scenario for password setting is to assign a temporary password to
a user - temporary meaning that it will have to be changed the first time it
is used. For this reason, it need not be complex, just unpredictable. If the
password cannot be set because of complexity rules, just prefix it with
something to meet the complexity requirements:

@echo off
setlocal enableextensions enabledelayedexpansion
(set password=A-z$)
for /l %%R in (1,1,12) do (set password=!password!!random:~-1!)
echo/password="%password%" & pause

We do basically the same using a vbscript that optionally allows us to print
out a memo with the password. The password is made a bit more readable (and
complexity rules compatible) by using a template that determines what type
of character will appear in each position, i.e. upper case, lower, any case,
vowel, consonant, digit, etc.

/Al

 

[Guest]

Sorry for the late reply...
People seeing the batch file or the text file isn't an issue as the batch
file won't contain the passwords and the text file(s) will be deleted as soon
as the operation has finished.

I ended up solving the problem by making an excel sheet where on column
contain server names, one column contains part 1 of the password, the next
column part 2 and then saving as a .csv file.
The script is really just a simple FOR /f line.
It's not as clever as I would like, but it does the trick...

 

[Guest]

Sorry for the late reply...
People seeing the batch file or the text file isn't an issue as the batch
file won't contain the passwords and the text file(s) will be deleted as soon
as the operation has finished.

I ended up solving the problem by making an excel sheet where on column
contain server names, one column contains part 1 of the password, the next
column part 2 and then saving as a .csv file.
The script is really just a simple FOR /f line.
It's not as clever as I would like, but it does the trick...
--
Cheerio,
Lars Petersson
MCSA: Messaging

 

[Todd Vargo]

Sorry for the late reply...
People seeing the batch file or the text file isn't an issue as the batch
file won't contain the passwords and the text file(s) will be deleted as soon
as the operation has finished.

I ended up solving the problem by making an excel sheet where on column
contain server names, one column contains part 1 of the password, the next
column part 2 and then saving as a .csv file.
The script is really just a simple FOR /f line.
It's not as clever as I would like, but it does the trick...

Poor details usually attract unusable solutions. Sorry I couldn't be of
help.