Windows: Script to recover lost Passwords from a unattend/sysprep.xml file

Hi,

Passwords for new users or for joining a domain could defined in plain text or encrypted at sysprep.xml or unattend.xml file. But they are not “really” encrypted.

The password is simply Base64 encoded. The attached Powershell script tries to decodes all Usernames with their passwords from a unattend.xml file.
Example

     <AdministratorPassword>
         <Value>VABoAGUAIABBAGQAbQBpAG4AIABQAGEAcwBzAHcAbwByAGQAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA</Value>
         <PlainText>false</PlainText>
     </AdministratorPassword>

The decodes the Base64 String, but at the the of the String the usage of the password is appended (The name of the parent XML node. Here:AdministratorPassword). This must be cut off.

PS d:> $sPassword=[System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String("VABoAGUAIABBAGQAbQBpAG4AIABQAGEAcwBzAHcAbwByAGQAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA"))
PS d:> write-host $sPassword
The Admin PasswordAdministratorPassword
PS d:> $sPassword=[System.Text.RegularExpressions.Regex]::Replace($sPassword ,"AdministratorPassword$","")
PS d:> write-host $sPassword
The Admin Password

Michael

Script to recover lost Passwords from a unattend/sysprep.xml file
RecoverUnattendSysprepPassword.ps1
Version: 1.0

Script to recover lost Passwords from a unattend/sysprep.xml file

Author:Michael
Category:Powershell Scripts
Date:October 20, 2016
2.5 KiB
2851 Downloads
Details...

Leave a Reply Cancel reply