HOME
Stephen Knight
01/12/2010 04:08 PM
Password hidden using ADS

Type:
Batch/Command file

Category:
ADS, Password
Taken from; http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/MS_DOS/Q_25000620.html?cid=1133#a26130150
better and more secure method of accessing your password is as follows:

1) create and save your batch file
2) use the ECHO command to 'place' your password into an ADS attached to your batch file
3) use redirection to read the password from the ADS (Alternative Data Stream) file

The password is safe as it cannot be 'seen' using conventional methods.

BRIEF HISTORY: I started experimenting with ADS about a year ago. I have written at least one other solution using this little known method as well as written a number of articles (soon to be published).

Here's how it works:

1) Include the following line in your code:
   set /p password=<%~nx0:password
and save your batch file.

2) At the DOS command line, enter the following command:

   echo YourPassWord>YourBatchFile.bat:password

NOTE 1: Please look at that line carefully. Notice the ADS after the ':' (colon) symbol.
NOTE 2: Notice there are no spaces either side of the '>' (greater-than) symbol.

As an example, suppose you create the following simple batch file named GETPASS.BAT, and your password is LETMEIN

   @echo off
   set /p password=<%~nx0:password
   echo %password%

Now save the batch file and enter the following command at the DOS prompt:

   echo LETMEIN>GETPASS.BAT:password

NOTE: There is no spaces either side of the '>' (greater-than) symbol.

Now run your batch file - it should just display:

   LETMEIN

On the subject of security, none of the following conventional methods will reveal your password:

   COPY getpass.bat:password file.txt

   TYPE getpass.bat:password

   MORE getpass.bat:password

   FIND /V "" getpass.bat:password


There are only a limited number of ways to view the contents of the ADS file. I leave it to you as a challenge to see if you can do it. So, that makes it pretty secure from a novice's point of view.

Furthemore, as far as novices are concerned (and some professionals) the following line can be quite misleading, especially in the absence of knowledge concerning ADS.

   set /p password=<%~nx0:password


Finally, as you can see, there is no additional external file containing your password. The ADS is attached to your batch file. This means, if you move or rename your batch file, the ADS moves with it. Also, the '%~nx0' part of the command ensures the ADS can be located should you rename the batch file.

Hide details for CodeCode


Show details for ExplanationExplanation
Hide details for ExamplesExamples
Other useful information on ADS: http://www.bleepingcomputer.com/tutorials/tutorial25.html

Hide details for AttachmentsAttachments