PowerShell - Decode System.Security.SecureString to readable password

Here you go:

$password = ConvertTo-SecureString 'P@ssw0rd' -AsPlainText -Force

$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($password)
$result = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
$result 

P@ssw0rd


For a "System.Net.NetworkCredential" object, all you need to do is read the String password.

$password = convertto-securestring "TestPassword" -asplaintext -force
$credentials = New-Object System.Net.NetworkCredential("TestUsername", $password, "TestDomain")
$credentials.Password
TestPassword

$credentials | gm

TypeName: System.Net.NetworkCredential

Name           MemberType Definition
----           ---------- ----------
Equals         Method     bool Equals(System.Object obj)
GetCredential  Method     System.Net.NetworkCredential GetCredential(uri uri, str
GetHashCode    Method     int GetHashCode()
GetType        Method     type GetType()
ToString       Method     string ToString()
Domain         Property   string Domain {get;set;}
Password       Property   string Password {get;set;}
SecurePassword Property   securestring SecurePassword {get;set;}
UserName       Property   string UserName {get;set;}

If you end up with a PSCredential object, from an interactive command like Get-Credential use

$credentials=Get-Credential
$credentials.GetNetworkCredential().UserName
TestUsername
$credentials.GetNetworkCredential().Domain
TestDomain
$credentials.GetNetworkCredential().Password
TestPassword

See http://blogs.technet.com/b/heyscriptingguy/archive/2013/03/26/decrypt-powershell-secure-string-password.aspx for details.

Note: I used PS 4 for this example.


($credentials.GetNetworkCredential()).Password

The details are explained http://blogs.msdn.com/b/besidethepoint/archive/2010/09/21/decrypt-secure-strings-in-powershell.aspx

and I have yet another slightly different way of doing it.

$pass=convertto-securestring "P@ssw0rd" -asplaintext -force  | ConvertFrom-SecureString
[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR( (ConvertTo-SecureString $pass) ))

P@ssw0rd


Rob's post above did not work for me for some reason. I found an answer from another site.

Multiple lines of code version:

$password = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force

$decrypted = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
$decryptedPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($decrypted)
$decryptedPassword    # Outputs: P@ssw0rd

One-liner version (which you can save to a variable):

# Outputs: P@ssw0rd
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))