CLR: Secure String [Plan B]

Started by stanl, May 04, 2019, 03:29:01 AM

Previous topic - Next topic

stanl

Attached Secure String is displayed as plain text with the script below. Needed to run it through Powershell as the SecureStringToGlobalAllocUnicode method failed via normal CLR [at least for me]. Of course, secure strings are really not that secure ::)
Code (WINBATCH) Select


;Stan Littlefield May 4th 2019   [ May 4th be with you ]
;=================================================================================


file="c:\TEMP\secretdata.txt"
If ! FileExist(file) Then Terminate(@TRUE,"Cannot Continue","Missing ":file)


Message("Secure String",FileGetW(file))
ClipPut("")


cScript='$storage = "%file%"':@CRLF
cScript=cScript:'$secureString = Get-Content -Path $storage | ConvertTo-SecureString':@CRLF
cScript=cScript:'$ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($secureString)':@CRLF
cScript=cScript:'$mysecret = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($ptr)':@CRLF
cScript=cScript:'$mysecret | clip'




ObjectClrOption("useany", "System.Management.Automation")
objAutoPs = ObjectClrNew("System.Management.Automation.PowerShell")
oPshell = objAutoPs.Create()
oScope = ObjectType("BOOL",@TRUE)
oPshell.AddScript(cScript,oScope)
objAsync = oPshell.BeginInvoke()
oPShell.EndInvoke(objAsync)     


oPShell=0


Message("Decrypted",ClipGet())




Exit