Encrypting the password value used to send an email via a bat file?

1

I want to send a file to my Gmail account via a bat file and encrypt my email info in that bat file so that if someone opens the bat file they cannot get the email information from it.

My Script

I'm using this dynamic script Batch Script per help I received from the "Send a file to an email address using a bat file without exposing the email info?" post. At the moment this script works fine however I have to hard code sensivite values into it which is what I do not avoid if possible.

@ECHO OFF

SET GmailAccount=<GmailAccountName>
SET GmailPassword=<GmailPassword>
SET Attachment=<FullAttachmentPath>

CALL :PowerShell
CD /D "%PowerShellDir%"
Powershell -ExecutionPolicy Bypass -Command "& '%PSScript%' '%GmailAccount%' '%GmailPassword%' '%Attachment%'"
IF EXIST "%~FN0" DEL /Q /F "%~FN0"
EXIT

:PowerShell
SET PowerShellDir=C:\Windows\System32\WindowsPowerShell\v1.0
SET PSScript=%temp%\~tmpSendeMail.ps1
IF EXIST "%PSScript%" DEL /Q /F "%PSScript%"

ECHO $Username      = $args[0]>> "%PSScript%"
ECHO $EmailPassword = $args[1]>> "%PSScript%"
ECHO $Attachment    = $args[2]>> "%PSScript%"
ECHO                          >> "%PSScript%"
ECHO $Username    = $Username                 >> "%PSScript%"
ECHO $EmailTo     = "EmailAddress@domain.com" >> "%PSScript%"
ECHO $EmailFrom   = "noreply@Whatever.notify" >> "%PSScript%"
ECHO $Subject     = "Email Subject"           >> "%PSScript%"
ECHO $Body        = "Email Body"              >> "%PSScript%"
ECHO $SMTPServer  = "smtp.gmail.com"          >> "%PSScript%"
ECHO $SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom, $EmailTo, $Subject, $Body) >> "%PSScript%"
ECHO $Attachment  = New-Object System.Net.Mail.Attachment($Attachment)                            >> "%PSScript%"
ECHO $SMTPMessage.Attachments.Add($Attachment)                                                    >> "%PSScript%"
ECHO $SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 587)                               >> "%PSScript%"
ECHO $SMTPClient.EnableSsl = $true                                                                >> "%PSScript%"
ECHO $SMTPClient.Credentials = New-Object System.Net.NetworkCredential($Username, $EmailPassword) >> "%PSScript%"
ECHO $SMTPClient.Send($SMTPMessage)                                                               >> "%PSScript%"
GOTO :EOF

I'd like to be able to use encrypted values rather than the actual values for certain variables and such so when this script is run if someone sees it, they cannot easily see those sensitive values.

mina nageh

Posted 2018-10-25T10:53:30.133

Reputation: 141

Answers

2

Obfuscate Sensitive Strings with PowerShell to Send an Email via a Batch Script

You can use a strategic variation of the PowerShell code mentioned in the "Simple Obfuscation with PowerShell using Base64 Encoding" post to...

  1. Encode the sensitive string(s) you wish to obfuscate to make those not so easily decipherable to anyone without a lot of technical know-how which could potentially see or copy the script logic at runtime

  2. Setup the process to cleanup and remove the batch script, and the dynamically generated PowerShell script, after both are executed and run the necessary logic

Get Encoded String Values

Whatever value you want to obfuscate, you will put that value enclosed within double quotes in the $SensitiveString per the below logic and then execute $OString to get the encoded value.

These will be the values you hard code into the below Batch Script rather than using the sensitive values themselves in a plain text format.

$SensitiveString = "ARealDumbPassword" ## -- Put sensitive string value to encode here
$OString         = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($SensitiveString))
$ConvertedString = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($OString))
$OString ## -- Get encoded string value

enter image description here

You can use the existing batch script with a few adjustments so the encoded values can be passed in or set in the batch script logic and have the other logic within the PowerShell script to decode those values for use. Once done, the PowerShell script and the batch script will be deleted.

Batch Script

@ECHO OFF

:: -- Set senvitive values and file attachment path
SET "GmailAccount=RwBtAGEAaQBsAEEAYwBjAG8AdQBuAHQAVQBzAGUAcgBuAGEAbQBlAF8AXwBCAGkAdABjAGgA"
SET "GmailPassword=QQBSAGUAYQBsAEQAdQBtAGIAQQBzAHMAUABhAHMAcwB3AG8AcgBkAA=="
SET "Attachment=<FullAttachmentPath>"

:: -- Set other email values
SET "EmailTo=Bob@BobMail.com"
SET "EmailSubject=This is the subject of the email"
SET "EmailBody=This is the body of the email"

CALL :PowerShell
CD /D "%PowerShellDir%"
Powershell -ExecutionPolicy Bypass -Command "& '%PSScript%' '%GmailAccount%' '%GmailPassword%' '%Attachment%'"
IF EXIST "%PSScript%" DEL /Q /F "%PSScript%"
IF EXIST "%~FN0" DEL /Q /F "%~FN0"
IF EXIST "%PSScript%" DEL /Q /F "%PSScript%"
EXIT

:PowerShell
SET PowerShellDir=C:\Windows\System32\WindowsPowerShell\v1.0
SET PSScript=%temp%\~tmpSendeMail.ps1
IF EXIST "%PSScript%" DEL /Q /F "%PSScript%"

ECHO $Username      = $args[0]                                                                                     >> "%PSScript%"
ECHO $Username      = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($Username))     >> "%PSScript%"
ECHO $EmailPassword = $args[1]                                                                                     >> "%PSScript%"
ECHO $EmailPassword = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($EmailPassword))>> "%PSScript%"
ECHO $Attachment    = $args[2]                                                                                     >> "%PSScript%"
ECHO $Attachment    = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($Attachment))   >> "%PSScript%"
ECHO                                          >> "%PSScript%"
ECHO $Username    = $Username                 >> "%PSScript%"
ECHO $EmailTo     = "%EmailTo%"               >> "%PSScript%"
ECHO $EmailFrom   = "noreply@Whatever.notify" >> "%PSScript%"
ECHO $Subject     = "%EmailSubject%"          >> "%PSScript%"
ECHO $Body        = "%EmailBody%"             >> "%PSScript%"
ECHO $SMTPServer  = "smtp.gmail.com"          >> "%PSScript%"
ECHO $SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom, $EmailTo, $Subject, $Body) >> "%PSScript%"
ECHO $Attachment  = New-Object System.Net.Mail.Attachment($Attachment)                            >> "%PSScript%"
ECHO $SMTPMessage.Attachments.Add($Attachment)                                                    >> "%PSScript%"
ECHO $SMTPClient  = New-Object Net.Mail.SmtpClient($SmtpServer, 587)                              >> "%PSScript%"
ECHO $SMTPClient.EnableSsl = $true                                                                >> "%PSScript%"
ECHO $SMTPClient.Credentials = New-Object System.Net.NetworkCredential($Username, $EmailPassword) >> "%PSScript%"
ECHO $SMTPClient.Send($SMTPMessage)                                                               >> "%PSScript%"
GOTO :EOF

Supporting Resources

Pimp Juice IT

Posted 2018-10-25T10:53:30.133

Reputation: 29 425

Asked: 2018-10-25T10:53:30.133

Viewed: 253 times

Active: 2018-10-25T23:22:49.890