本文共 15343 字,大约阅读时间需要 51 分钟。
vbscript 加密函数
It seems these days I’m writing a lot of VBScript scripts. My scripts are often interacting with a MySQL database but could be doing other things as well, such as connecting to workstations to push files. One of the biggest problems with scripts that need credentials is how to store the password in these clear text files. I’ve come up with a reversible encryption to store the password. The script below allows you to completely encrypt or decrypt a password using a custom key.
如今看来,我正在编写许多VBScript脚本。 我的脚本经常与MySQL数据库进行交互,但是也可以做其他事情,例如连接到工作站以推送文件。 需要凭据的脚本的最大问题之一是如何在这些明文文件中存储密码。 我想出了一种可逆的加密方式来存储密码。 下面的脚本使您可以使用自定义密钥完全加密或解密密码。
Now I fancy myself as security aware – I am not an IT Security professional. And this script is not intended as a truly secure method of storing passwords. Nor am I suggesting it is unbreakable or otherwise hard to decode without the key and encryption methodology below. It is ONLY meant to OBSCURE otherwise clear-text passwords in VBScripts. And obscurity is not security. Clear?
现在,我幻想自己具有安全意识–我不是IT安全专业人员。 而且该脚本并非旨在作为一种真正安全的密码存储方法。 如果没有下面的密钥和加密方法,我也不会暗示它是坚不可摧的,否则很难解码。 这仅是为了避免在VBScript中使用其他明文密码。 默默无闻不是安全。 明确?
On to the script…
进入脚本...
Option ExplicitFunction GetParam(ParamNumber) 'Exclusive to VBS Scripts Dim GetParam_CmdArgs Set GetParam_CmdArgs = WScript.Arguments If GetParam_CmdArgs.Count = 3 Then GetParam = GetParam_CmdArgs(ParamNumber) ElseIf GetParam_CmdArgs.Count = 1 Then If UCase(Left(GetParam_CmdArgs(0), 1)) = "H" Then Help End IfEnd FunctionFunction ValidKey(Key) 'Ensures constants when computing character hexadecimal values don't exceed 255 (FF) Dim ValidKey_KeyParams ValidKey_KeyParams = Split(Key, "-") 'Using "-" as a delimiter makes it impossible to have a negative number If UBound(ValidKey_KeyParams) <> 2 Then 'Wrong number of parameters in key ValidKey = False Else 'Max computed value is 127. If ValidKey_KeyParams(0) + (ValidKey_KeyParams(1) * ValidKey_KeyParams(2)) > 127 Then ValidKey = False Else ValidKey = True End If End IfEnd FunctionFunction DecryptPassword(UseHash, Key) Dim DecryptPassword_KeyParams Dim DecryptPassword_PWChar Dim DecryptPassword_ChkChar Dim DecryptPassword_UseString Dim DecryptPassword_Count DecryptPassword_KeyParams = Split(Key, "-") DecryptPassword_UseString = UseHash DecryptPassword_Count = 0 Do Until Len(DecryptPassword_UseString) < 3 '3 is minimum length of a character Char 1 = Salt 0, Char 2, 3 = Hex of Ascii code DecryptPassword_ChkChar = CInt(Left(DecryptPassword_UseString, 1)) 'Start with the first character of the current version of the password string DecryptPassword_PWChar = (CInt(Clng("&h" & Mid(DecryptPassword_UseString, DecryptPassword_ChkChar + 2, 2)) - (DecryptPassword_KeyParams(0) + DecryptPassword_KeyParams(1) * DecryptPassword_ChkChar))) DecryptPassword = DecryptPassword & Chr(DecryptPassword_PWChar) DecryptPassword_UseString = Trim(Right(DecryptPassword_UseString, Len(DecryptPassword_UseString) - DecryptPassword_ChkChar - 3)) LoopEnd FunctionFunction RandomChar 'Generate a random hexadecimal value Randomize Timer RandomChar = Trim(Hex(Int(Rnd * 16)))End FunctionFunction EncryptPassword(UsePassword, Key) Dim EncryptPassword_Character Dim EncryptPassword_SaltChars Dim EncryptPassword_KeyParams Dim EncryptPassword_Salt If ValidKey(Key) = False Then WScript.Echo "The key provided is not valid." WScript.Echo "" Help End If EncryptPassword_KeyParams = Split(Key, "-") Randomize Timer If Len(UsePassword) > 0 Then For EncryptPassword_Character = 1 To Len(UsePassword) EncryptPassword_SaltChars = Int(Rnd * (EncryptPassword_KeyParams(2) + 1)) EncryptPassword = EncryptPassword & EncryptPassword_SaltChars For EncryptPassword_Salt = 1 To EncryptPassword_SaltChars EncryptPassword = EncryptPassword & RandomChar Next EncryptPassword = EncryptPassword & Hex(Asc(Mid(UsePassword, EncryptPassword_Character, 1)) + (EncryptPassword_KeyParams(0) + EncryptPassword_SaltChars * EncryptPassword_KeyParams(1))) Next End If If Len(EncryptPassword) Mod 2 = 1 Then EncryptPassword = EncryptPassword & RandomChar 'Ensures hash value is always evenEnd FunctionSub Main 'The glue to the above functions; While it may exist on other platforms, code likely differs greatly. If UCase(Left(GetParam(0), 1)) = "E" Then WScript.Echo EncryptPassword(GetParam(1), GetParam(2)) ElseIf UCase(Left(GetParam(0), 1)) = "D" Then WScript.Echo DecryptPassword(GetParam(1), GetParam(2)) ElseIf UCase(Left(GetParam(0), 1)) = "H" Then Help Else WScript.Echo "Bad parameters" End IfEnd SubSub Help 'Exclusive to VBS Scripts WScript.Echo "" WScript.Echo "Usage:" WScript.Echo " " & WScript.ScriptName & " Encrypt Password Key" WScript.Echo " " & WScript.ScriptName & " Decrypt PasswordHash Key" WScript.Echo "" WSCript.Echo "Example:" WScript.Echo " " & WScript.ScriptName & " Encrypt ThisIsMyPassword 10-6-5" WScript.Echo " " & WScript.ScriptName & " Decrypt 08C07D32FCA413962EAA13E5995D 10-6-5" WScript.Echo "" WScript.Echo " Parameter 1 identifies the action. Only the first letter is" WScript.Echo " evaluated. Not case sensitive." WScript.Echo " Parameter 2 identifies the password to encode or hash to" WScript.Echo " decode. Passwords are case sensitive, hashes are not." WScript.Echo " Parameter 3 identifies the key. See below." WScript.Echo "" WScript.Echo "Notes: " WScript.Echo " The value of the first number + (second number * third number)" WScript.Echo " cannot exceed 127. A key of 60-9-5 = 105 and is valid. A key of" WScript.Echo " 50-9-9 = 131 and would not be valid. Dashes (-) must be used." WScript.Echo "" WScript.Echo " The maximum value of the last digit in the key is 9." WScript.Echo "" WScript.QuitEnd SubMain 'Execute the script. First, you’ll need the complete script so that you can encode a password, creating the hash. The hash is then used in place of your password in the script. Save the above code to a .vbs file name of your choosing. In the screen shot below, I've saved it to ObscurePW.vbs to create a hash for a sample password of "SamplePassword1"
首先,您需要完整的脚本,以便可以对密码进行编码,从而创建哈希。 然后,使用散列代替脚本中的密码。 将上面的代码保存到您选择的.vbs文件名中。 在下面的屏幕快照中,我将其保存到ObscurePW.vbs中,以为“ SamplePassword1”示例密码创建哈希值
When using with your own scripts, you just need to copy the decrypt function into your own script.
与自己的脚本一起使用时,只需将解密功能复制到自己的脚本中。
Here's a sample script that maps a network drive to \\computer1\share1 specifying the user and password to use when connecting:
这是一个示例脚本,该脚本将网络驱动器映射到\\ computer1 \ share1,指定在连接时要使用的用户和密码:
Dim NetworkSet Network = WScript.CreateObject("WScript.Network")UserNameVariable = "administrator"PasswordVariable = "SamplePassword1"Network.MapNetworkDrive "Z:", "\\computer1\share1", "false", UserNameVariable, PasswordVariable As anyone can see, the password is "SamplePassword1". So if we modified the script by adding the DecryptPassword function, we could then set the password to the hash above and instead of referencing the PasswordVariable, we reference Decrypt(PasswordVariable, "12-5-7"). Now this is what the code looks like:
谁都可以看到,密码为“ SamplePassword1”。 因此,如果我们通过添加DecryptPassword函数来修改脚本,则可以将密码设置为上面的哈希,而不是引用PasswordVariable,而是引用Decrypt(PasswordVariable,“ 12-5-7”)。 现在,代码如下所示:
Function DecryptPassword(UseHash, Key) Dim DecryptPassword_KeyParams Dim DecryptPassword_PWChar Dim DecryptPassword_ChkChar Dim DecryptPassword_UseString Dim DecryptPassword_Count DecryptPassword_KeyParams = Split(Key, "-") DecryptPassword_UseString = UseHash DecryptPassword_Count = 0 Do Until Len(DecryptPassword_UseString) < 3 '3 is minimum length of a character Char 1 = Salt 0, Char 2, 3 = Hex of Ascii code DecryptPassword_ChkChar = CInt(Left(DecryptPassword_UseString, 1))'Start with the first character of the current version of the password string DecryptPassword_PWChar = (CInt(Clng("&h" & Mid(DecryptPassword_UseString, DecryptPassword_ChkChar + 2, 2)) - (DecryptPassword_KeyParams(0) + DecryptPassword_KeyParams(1) * DecryptPassword_ChkChar))) DecryptPassword = DecryptPassword & Chr(DecryptPassword_PWChar) DecryptPassword_UseString = Trim(Right(DecryptPassword_UseString, Len(DecryptPassword_UseString) - DecryptPassword_ChkChar - 3)) LoopEnd FunctionDim NetworkSet Network = WScript.CreateObject("WScript.Network")UserNameVariable = "administrator"PasswordVariable = "2406964158338B7B3AE2D29C6F733169A4C3BC8C5F04BB8A31096B53A0EB8637778E07F118807B511678972D27A1A425"Network.MapNetworkDrive "Z:", "\\computer1\share1", "false", UserName, DecryptPassword(PasswordVariable, "12-5-7") Note: if you're planning on testing the above sample script, don't use as administrative share to do so. Restrictions in place through UAC can prevent even local administrator accounts from accessing the admin shares. For more information, see
注意:如果您打算测试上述示例脚本,请不要用作管理共享。 通过UAC进行的限制可能会阻止本地管理员帐户访问管理员共享。 有关更多信息,请参阅
The Key
钥匙
To encrypt, the function uses three things:
要加密,该函数使用三件事:
With a key of 12-5-7 we are taking the ASCII value of the character and adding 12 to it. Then we're also adding 35 to it (5x7). Finally we're adding UP TO 7 salt digits to the hash - this is randomly determined and why the hash can vary in length each time you encrypt - as well as why the hash can vary in appearance.
使用12-5-7键,我们将字符的ASCII值加上12。 然后我们还要添加35(5x7)。 最终,我们在哈希中添加了多达7个盐位数-这是随机确定的,并且为什么每次加密时哈希的长度都可能会有所变化-以及为什么哈希的外观会有所不同。
When we store the value to decode, the first digit is the number of salt characters (therefore, the number of salt characters cannot be greater than 9 or it would take two digits (or I'd have to modify the code to accept hexadecimal numbers)). So when a hash starts with 3, the next three digits are, in essence, garbage, and ignored. Then the next two digits (digits 5 and 6) are the ASCII value of the character + (using the 12-5-7 key) 47.
当我们存储要解码的值时,第一个数字是盐字符的数量(因此,盐字符的数量不能大于9或需要两位数字(否则我必须修改代码以接受十六进制数字) ))。 因此,当散列以3开头时,接下来的三位数实质上是垃圾,并被忽略。 然后,接下来的两位数字(数字5和6)是字符+(使用12-5-7键)的ASCII值47。
Because non-special characters are all under ASCII 128, the maximum value the key can create without forcing a 3rd hexadecimal digit when creating the hash is 127 - which is why a key like 50-9-9 would fail (50+(9x9)) = 131.
因为所有非特殊字符都在ASCII 128下,所以在创建哈希时,该键可以创建而无需强制第三个十六进制数字的最大值是127-这就是为什么像50-9-9这样的键会失败(50+(9x9) )= 131。
Like I said, this is not fool proof encryption. If you know how to read it - or have access to the decryption function, it's very easy to crack. But for every day prying eyes, it should do the job nicely.
就像我说的那样,这不是万无一失的加密。 如果您知道如何阅读-或可以使用解密功能,则很容易破解。 但是,每天撬开眼睛,它应该做得很好。
Usage Scenarios
使用场景
This is considered reversible encryption meaning that you can decrypt it easily enough. If you're more of a programmer than I, you may be able to exploit better third party technologies like PGP. If you're not, or you don't have more than a basic need for security, this may be sufficient for you.
这被视为可逆加密,这意味着您可以轻松地对其进行解密。 如果您比我更是一名程序员,那么您也许可以利用更好的第三方技术,例如PGP。 如果您不是,或者除了基本的安全需求之外,这对您就足够了。
Again, this is NOT intended to secure highly sensitive information such as your bank account passwords, your domain admin credentials (in most cases), your bitcoin wallet, or your passwords to your private email. And I wouldn't recommend storing other people's passwords with this level of encryption.
同样,这并非旨在保护高度敏感的信息,例如您的银行帐户密码,域管理员凭据(在大多数情况下),您的比特币钱包或您的私人电子邮件密码。 而且我不建议使用这种加密级别存储其他人的密码。
That said, if anyone wants to IGNORE the decrypt/encrypt routines and has some kind of password cracking tool, I would encourage you to attempt to crack the password - just let me know you did it, with what tools, what password, and how long it took you.
就是说,如果有人想忽略解密/加密例程并拥有某种密码破解工具,我鼓励您尝试破解密码-请让我知道您使用什么工具,什么密码以及如何进行破解。花了你很长时间。
About the Script
关于脚本
I encourage you to review the code, see what I'm doing and if VBScript is not a strength, hopefully, you can pick up something new from it. Some of the things I'm doing to make this RELATIVELY secure is salting each and every character in the password with a random number of salt characters. This means that each time you run the encrypt function, you will get a different value, and likely, a different length. Without the DecryptPassword function, your average IT admin or script kiddie is not likely to be able to decode this. But, OBVIOUSLY, to make this work, the DecryptPassword function is embedded in the code. Still, it will take at least a LITTLE effort for someone to obtain the actual password.
我鼓励您检查代码,看看我在做什么,并且如果VBScript不是强项,希望您可以从中获得新的东西。 为了使此操作相对安全,我正在做的一些事情是使用随机数量的盐字符来盐化密码中的每个字符。 这意味着每次您运行加密功能时,您将获得一个不同的值,并且有可能获得一个不同的长度。 如果没有DecryptPassword功能,则普通的IT管理员或脚本小子可能无法对此进行解码。 但是,显然,要使此工作生效,DecryptPassword函数将嵌入在代码中。 尽管如此,至少要有人花一点时间才能获得实际的密码。
Important Note: The above script is designed to be executed from the command line using the CSCRIPT.EXE VBScript processor. The WSCRIPT.EXE VBScript processor is the default and will attempt to run things graphically. Since this script requires command line input (the action, password/hash, and key), it is not practical to run it through a simple double-click or the WSCRIPT.EXE processor. You must run it from the command line.
重要说明: 上面的脚本旨在使用CSCRIPT.EXE VBScript处理器从命令行执行。 WSCRIPT.EXE VBScript处理器是默认处理器,它将尝试以图形方式运行内容。 由于此脚本需要命令行输入(操作,密码/哈希和键),因此通过简单的双击或WSCRIPT.EXE处理器运行它是不实际的。 您必须从命令行运行它。
Other Uses
其他用途
While this script was written and tested as a VBScript, the Encrypt and Decrypt functions should work with little to no modification on other VB platforms, such as VB6, ASP, and VBA.
尽管此脚本是作为VBScript编写和测试的,但是Encrypt和Decrypt函数在其他VB平台(例如VB6,ASP和VBA)上应该几乎没有修改就可以工作。
翻译自:
vbscript 加密函数
转载地址:http://iyhzd.baihongyu.com/