Veeam extract utility for test passwords - powershell

I’m using the extract utility for test all the password of encrypted jobs and it work well. Just a problem when the password contain a double quotes (“).
I pass the good password but it seem that the extract utlity fails when we used password with double quote.
The main command i use is that one : .\Extract.exe -dir $full_dir -password $mdp
I got the error message “Password is incorrect”
obviously I already have verified the password and he is correct.
Does anyone have an idea ? or do i have to change all the password that contain a double quote ?

Related

Jenkins to Powershell - Do I need to escape dollar signs in passed parameters?

I have a Jenkins pipeline that invokes a Powershell script via the Powershell plugin. The pipeline uses withCredentials to put the user/password for Powershell to use in SQL connections into variables. I pass them as properties on the command:
def psCmd="./Set-CheckmarxTeams -server ${server} -jkuser $sqluser -jkpass $sqlpass"
The script has them defined as parameters:
param ([string]$server='ad1hfddbst930\shared',[string]$jkuser,[string]$jkpass)
but the SQL connection using $jkuser and $jkpass fails. The password has a $ in the middle. I tried to Write-Host $jkpass and it only shows the part up to the $, but nothing after it. Do I need to modify the string before passing it in? If so, how?
"Escaping" the dollar sign is easy and good to know. In this case, #Richard Schaefer needed to pass the entire string of a password that included the dollar sign.
Storing a string in the $jkpass variable like so:
$jkpass = "thisisa$password"
Would output: thisisa
Therefore, storing the password with single quotes eliminates this issue.
$jkpass = 'thisisa$password'
This outputs: thisisa$password

How to use Rar or WinRAR for creating an encrypted archive with a password starting with a double quote?

I am trying to create a command line to compress as RAR file using password through command line in Windows 7. I have installed WinRAR 5.31 x64.
The following command works for me:
rar a -r -m0 -hp"!(/!$!#!#=)\%" C:\files1.rar" *.*
The password is !(/!$!#!#=)\%.
My problem occurs if I wanted to put double quotes " inside my password, for example at the beginning:
rar a -r -m0 -hp""!(/!$!#!#=)\%" C:\files1.rar" *.*
The password should be "!(/!$!#!#=)\%.
That does not work for me, I tried putting \ before of ", but this is also not working.
Could anyone guide me through it in order to figure it out this special character in my password?
Further to the answer by Mofi:
Especially for Linux users using winrar/rar from the commandline, it may be worth realizing that rar effectively accepts "keyfiles", which may overcome the need to fiddle with quotes as part of the password.
Rar's documented maximum password length is 127 characters/bytes. It is not clear (to me) precisely which characters are part of the password space, but at least base64-encoded strings work. However, rar currently uses a password based key derivation function based on PBKDF2 using the HMAC-SHA256 hash function, which has a block size of 512 bits. Per PBKDF2, passwords longer than the block size of the hash function are first pre-hashed into a digest of 256 bits, which digest is then used as the password (instead of the original password). To avoid this, the archive password you pick should be no longer than 512 bits or 64 characters.
In a base64-encoded string, each character represents 6 bits of data; a 64 character password thus amounts to 384 random bits, which may be derived from 48 random bytes.
rar a -hp"$(dd if=/dev/urandom bs=48 count=1 | base64 -w0 | tee /tmp/pwd)" archive
The dd-pipe above will read 48 (pseudo)random bytes from the kernel's (non-blocking) random number source device, convert these into a 64 character password, tell rar to use that password for deriving a 256-bit (AES256) encryption key (RAR5-format), and at the same time store the password in the file `/tmp/pwd'.
The archive may again be accessed, e.g. listed, by reading the password back from the file, for instance like so:
rar l -p"$(cat /tmp/pwd)" archive.rar
The password file may be safely stored separately or together with the archive, in the latter case (of course) after encrypting it, e.g. with gpg using your own public key so as to lock the archive password under your private key/key phrase. All of this aims to conveniently make good use of rar's password/key space.
I note that I didn't dive into unrar's publicly available source code; the above is merely based on the general documentation. In addition, I don't know if the above can be made to work under Windows.
The Windows command interpreter cmd.exe and Rar.exe itself determine how arguments specified on command line are interpreted on parsing the command line. Argument strings containing a space or one of these characters &()[]{}^=;!'+,`~<|> must be enclosed in double quotes. This makes it very difficult to pass a double quote character as part of an argument string to a console application, especially at begin of an argument string.
But there is a solution for this very uncommon and very specific problem caused by a password/passphrase starting with a straight double quote character which marks usually begin/end of an argument string within all characters between are interpreted literally.
The manual of console version of WinRAR is the text file Rar.txt in program files folder of WinRAR. It can be read in this manual that Rar.exe supports reading switches from an environment variable RAR. By using this environment variable and special parsing of Windows command line interpreter on a SET command line it is possible to create a RAR archive from command line with a password starting with a single straight double quote character.
#echo off
setlocal EnableExtensions DisableDelayedExpansion
set "RAR=-hp""!(/!$!#!#=)\%%""
"%ProgramFiles%\WinRAR\Rar.exe" a -r -m0 -x"%~f0" "%USERPROFILE%\Desktop\files1.rar" *.*
endlocal
The switch -hp is read from environment variable RAR in addition to the other switches specified directly on RAR command line as explained by the manual.
The environment variable RAR is defined using syntax set "variable=value" as explained in detail by answer on Why is no string output with 'echo %var%' after using 'set var = text' on command line?
A password/passphrase with space or one of these characters &()[]{}^=;!'+,`~<|> needs to be enclosed in double quotes on Windows command line. For that reason Rar.exe removes from the passed password/passphrase the first and last double quote if there is one at begin and/or end. So it is not possible to define the password with "!(/!$!#!#=)\%. The password must be defined with two additional double quotes using ""!(/!$!#!#=)\%" to let really used password start with a straight double quote character.
In a batch file % marks begin/end of an environment variable reference except it is escaped with one more %.
So finally the command line set "RAR=-hp""!(/!$!#!#=)\%%"" defines the environment variable RAR with switch -hp passing the string "!(/!$!#!#=)\% to Rar.exe as password to use on encryption.
The RAR archive files1.rar is created on user's desktop by this code as root of directory C: is usually write-protected.
Note: Rar and WinRAR interpret *.* different to * as also explained in manual in comparison to Windows kernel functions interpreting them identical. Rar adds only files containing a dot in name of file into the RAR archive file on using *.*. So you might better use just * as wildcard.
The switch -x"%~f0" prevents adding the batch file also into the RAR archive file if being stored in current directory on execution of the batch file. Run in a command prompt window call /? for an explanation of %~f0 – full name of argument 0 which means batch file name with extension and full path.

openconnect password and cookie input

After 2-3 day search and work now i hope you can help ...
I want to use from openconnect in my program and for auth have 2 solution
1 - use from user and pass (but pass dont have any option for command line and only with standard input can input pass)
2 - used from cookie (but openconnect not work with cookie for me !)
For Cookie i do this
-send user with post method to server
-server ask for password
-send password with post method to server
-if all is ok and auth id = success
-read header and get cookie
open command line and send ip and cookie to openconenct
and Error !
Creating SSL connection failed
command line code
openconnect.exe vpn.server.ip --no-cert-check -C "webvpn=BPlUDg9oaTN2uQQ0DQvH7QopD3x5NahiCHQgTqKQ7KPJg38dSuvqLmYIo9Jskig; Secure,webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure,webvpnc=bu:/&p:t&iu:1/&sh:7350D46A8EE85D06&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2F/etc/ocserv/profile.xml&fh:6B5181182D2B5483FBB8D2AA1BCBACC9A70E2BA3; path=/; Secure"
for send user and pass with post method i use from C#
2 - for user and pass i do this work
use from command line for auto fill input with this code
type password | openconnect.exe vpn.server.ip -u username --no-cert-check
and
password | openconnect.exe vpn.server.ip -u username --no-cert-check
and
openconnect.exe vpn.server.ip -u username --no-cert-check < pas.txt
and again error !!!
Password: ReadConsole() failed: The handle is invalid.
now i want to know whats wrong in my code ??
or have any better solution for accept cookie or auto fill input ?
if you have any idea please tell me.
thanks and kind regards.
openconnect command line info
Openconnect Autofill Username and Password
There is a trade-off between convenience and security. Autofill user and password is not recommended in terms of security.
In case you need the convenience to make an autoconnection using openconnect here is a simple example steps:
Simple Steps Example
Create a plaintext password file
mypass.txt
contains only the password:
mysupersecretpassword
Create a script to call openconnect
myscript.sh contains two lines of command:
openconnect --protocol=gp vpn.mycompany.com --user=abc123 --passwd-on-stdin < mypass.txt
./myscript.sh
the second line ./myscript.sh is intentionally added to make the script loop forever thus create a persistent VPN connection.
Make script executable
In terminal line:
chmod +x myscript.sh
Run your script
run your script with a sudo privilege
sudo ./myscript.sh
to exit the loop just press CTRL + C
For More Security
For added security you can make the process not so simple:
put your script and password file in a protected/hidden directory that only root level user can access;
Encrypt the plaintext password file and make another script to decrypt and read the password for example using linux gpg, but you will still have to enter the encryption/decryption passphrase.
In ubuntu you can use this:
openconnect --script ./vpnc.sh target-domain --no-cert-check -u username --passwd-on-stdin < pass.txt
Hope this helps.

Decryption with gpg

gpg --output C:\ecshome\mboxes\store\20150410_030846_1_0001_6pik.msg.
asc --passphrase abcd. --no-default-keyring --decrypt C:\ecshome\mboxes\store\20150410_030846_1_0001_6pik.msg
When I try to decrypt an email message by using gpg from the command prompt, it works. But when I try to decrypt the same with a Perl script by using external command, it shows the "Secret key not available" error (On Windows).
You haven't shown us the way you quote that command in perl, but allow me guess that you haven't taken into account the fact that the backslash is both the Windows directory seperator and the Perl string escape. You should be aware that "\e", the 3rd character in your --output & --decrypt paths, is the character (ESC). The sequences "\m" and "\s" interpolate to 'm' and 's' respectively.
Possible solutions include either delimiting the string with q()/single quotes or doubling up the backslashes in qq()/qx()/double quotes/back quotes.
The problem was with pubkey ring. Apparently its stored for each user under their application data directory if you don't mention any home directory specifically at time of installation. If you execute from Command prompt it will directly take from the present user's applicatin data but from perl it wont check there.U have to specifically Configure GNUPGHOME to that folder (application data) then run the perl script.

how to test a .7z archive is password protected from command line?

I'm writing a piece of powershell code to wrap the 7z.exe command line utility. Let's say I have a list of 7z archives and I want to pass the default password to 7z.exe if the archive is password protected and does not pass the password if it's not password protected. I need to way to find whether the 7z archive need a password. How to do that? Thank you.
It's not error to specify a password for unprotected archives. So, just pass it for every archive.