Windows: Script to recover lost Passwords from a unattend/sysprep.xml file

Hi,

Passwords for new users or for joining a domain could defined in plain text or encrypted at sysprep.xml or unattend.xml file. But they are not “really” encrypted.

The password is simply Base64 encoded. The attached Powershell script tries to decodes all Usernames with their passwords from a unattend.xml file.
Example

     <AdministratorPassword>
         <Value>VABoAGUAIABBAGQAbQBpAG4AIABQAGEAcwBzAHcAbwByAGQAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA</Value>
         <PlainText>false</PlainText>
     </AdministratorPassword>

The decodes the Base64 String, but at the the of the String the usage of the password is appended (The name of the parent XML node. Here:AdministratorPassword). This must be cut off.

PS d:> $sPassword=[System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String("VABoAGUAIABBAGQAbQBpAG4AIABQAGEAcwBzAHcAbwByAGQAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA"))
PS d:> write-host $sPassword
The Admin PasswordAdministratorPassword
PS d:> $sPassword=[System.Text.RegularExpressions.Regex]::Replace($sPassword ,"AdministratorPassword$","")
PS d:> write-host $sPassword
The Admin Password

Michael

Advertisment to support michlstechblog.info

Script to recover lost Passwords from a unattend/sysprep.xml file
Script to recover lost Passwords from a unattend/sysprep.xml file
RecoverUnattendSysprepPassword.ps1
Version: 1.0
2.5 KiB
1441 Downloads
Details...

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.