Windows: Script to recover lost Passwords from a unattend/sysprep.xml file

Hi,

Passwords for new users or for joining a domain could defined in plain text or encrypted at sysprep.xml or unattend.xml file. But they are not “really” encrypted.

The password is simply Base64 encoded. The attached Powershell script tries to decodes all Usernames with their passwords from a unattend.xml file.
Example

     <AdministratorPassword>
         <Value>VABoAGUAIABBAGQAbQBpAG4AIABQAGEAcwBzAHcAbwByAGQAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA</Value>
         <PlainText>false</PlainText>
     </AdministratorPassword>

The decodes the Base64 String, but at the the of the String the usage of the password is appended (The name of the parent XML node. Here:AdministratorPassword). This must be cut off.

PS d:> $sPassword=[System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String("VABoAGUAIABBAGQAbQBpAG4AIABQAGEAcwBzAHcAbwByAGQAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA"))
PS d:> write-host $sPassword
The Admin PasswordAdministratorPassword
PS d:> $sPassword=[System.Text.RegularExpressions.Regex]::Replace($sPassword,"AdministratorPassword$","")
PS d:> write-host $sPassword
The Admin Password

Michael

Advertisment to support michlstechblog.info

Script to recover lost Passwords from a unattend/sysprep.xml file
Script to recover lost Passwords from a unattend/sysprep.xml file
RecoverUnattendSysprepPassword.ps1
Version: 1.0
2.5 KiB
694 Downloads
Details...

Time limit is exhausted. Please reload CAPTCHA.

Original Theme by Schiy · Powered by WordPress