Encrypting the password value used to send an email via a bat file?

Solution 1:

Obfuscate Sensitive Strings with PowerShell to Send an Email via a Batch Script

You can use a strategic variation of the PowerShell code mentioned in the "Simple Obfuscation with PowerShell using Base64 Encoding" post to...

  1. Encode the sensitive string(s) you wish to obfuscate to make those not so easily decipherable to anyone without a lot of technical know-how which could potentially see or copy the script logic at runtime

  2. Setup the process to cleanup and remove the batch script, and the dynamically generated PowerShell script, after both are executed and run the necessary logic

Get Encoded String Values

Whatever value you want to obfuscate, you will put that value enclosed within double quotes in the $SensitiveString per the below logic and then execute $OString to get the encoded value.

These will be the values you hard code into the below Batch Script rather than using the sensitive values themselves in a plain text format.

$SensitiveString = "ARealDumbPassword" ## -- Put sensitive string value to encode here
$OString         = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($SensitiveString))
$ConvertedString = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($OString))
$OString ## -- Get encoded string value

enter image description here

You can use the existing batch script with a few adjustments so the encoded values can be passed in or set in the batch script logic and have the other logic within the PowerShell script to decode those values for use. Once done, the PowerShell script and the batch script will be deleted.

Batch Script

@ECHO OFF

:: -- Set senvitive values and file attachment path
SET "GmailAccount=RwBtAGEAaQBsAEEAYwBjAG8AdQBuAHQAVQBzAGUAcgBuAGEAbQBlAF8AXwBCAGkAdABjAGgA"
SET "GmailPassword=QQBSAGUAYQBsAEQAdQBtAGIAQQBzAHMAUABhAHMAcwB3AG8AcgBkAA=="
SET "Attachment=<FullAttachmentPath>"

:: -- Set other email values
SET "[email protected]"
SET "EmailSubject=This is the subject of the email"
SET "EmailBody=This is the body of the email"

CALL :PowerShell
CD /D "%PowerShellDir%"
Powershell -ExecutionPolicy Bypass -Command "& '%PSScript%' '%GmailAccount%' '%GmailPassword%' '%Attachment%'"
IF EXIST "%PSScript%" DEL /Q /F "%PSScript%"
IF EXIST "%~FN0" DEL /Q /F "%~FN0"
IF EXIST "%PSScript%" DEL /Q /F "%PSScript%"
EXIT

:PowerShell
SET PowerShellDir=C:\Windows\System32\WindowsPowerShell\v1.0
SET PSScript=%temp%\~tmpSendeMail.ps1
IF EXIST "%PSScript%" DEL /Q /F "%PSScript%"

ECHO $Username      = $args[0]                                                                                     >> "%PSScript%"
ECHO $Username      = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($Username))     >> "%PSScript%"
ECHO $EmailPassword = $args[1]                                                                                     >> "%PSScript%"
ECHO $EmailPassword = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($EmailPassword))>> "%PSScript%"
ECHO $Attachment    = $args[2]                                                                                     >> "%PSScript%"
ECHO $Attachment    = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($Attachment))   >> "%PSScript%"
ECHO                                          >> "%PSScript%"
ECHO $Username    = $Username                 >> "%PSScript%"
ECHO $EmailTo     = "%EmailTo%"               >> "%PSScript%"
ECHO $EmailFrom   = "[email protected]" >> "%PSScript%"
ECHO $Subject     = "%EmailSubject%"          >> "%PSScript%"
ECHO $Body        = "%EmailBody%"             >> "%PSScript%"
ECHO $SMTPServer  = "smtp.gmail.com"          >> "%PSScript%"
ECHO $SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom, $EmailTo, $Subject, $Body) >> "%PSScript%"
ECHO $Attachment  = New-Object System.Net.Mail.Attachment($Attachment)                            >> "%PSScript%"
ECHO $SMTPMessage.Attachments.Add($Attachment)                                                    >> "%PSScript%"
ECHO $SMTPClient  = New-Object Net.Mail.SmtpClient($SmtpServer, 587)                              >> "%PSScript%"
ECHO $SMTPClient.EnableSsl = $true                                                                >> "%PSScript%"
ECHO $SMTPClient.Credentials = New-Object System.Net.NetworkCredential($Username, $EmailPassword) >> "%PSScript%"
ECHO $SMTPClient.Send($SMTPMessage)                                                               >> "%PSScript%"
GOTO :EOF

Supporting Resources

  • Simple Obfuscation with PowerShell using Base64 Encoding
  • Convert.ToBase64String Method
  • Encoding Class
  • UnicodeEncoding.GetString(Byte[], Int32, Int32) Method
  • System.Convert Methods
  • Convert.FromBase64String(String) Method