Decrypt sysprep unattend.xml user password

1

How do I decrypt user passwords that are encrypted and used in Windows 7 Sysprep unattend.xml file?

What Encryption method is used in this file?

enflam3

Posted 2012-04-05T09:07:27.397

Reputation: 75

Answers

2

It is a base64-encoded string. The way to make the original password visible is to unencode (decode) it. You can do this with a PowerShell script like this:

$encryptedpassword = "SQBKAHMALgBiAGwAbwBlAG0AMwBQAGEAcwBzAHcAbwByAGQA"
Write-Host [system.text.encoding]::Unicode.GetString([system.convert]::Frombase64string($encryptedpassword))

or use online base64 decoder like this: https://www.base64decode.org/

Paul Wiegmans

Posted 2012-04-05T09:07:27.397

Reputation: 36

After you decode, get rid of Password at the end. – E.V.I.L. – 2017-09-20T18:53:31.443

Nice snippet! There was a () missing somewhere, this worked for me: $encryptedpassword = "SQBKAHMALgBiAGwAbwBlAG0AMwBQAGEAcwBzAHcAbwByAGQA" $dPwD= ([system.text.encoding]::Unicode.GetString([system.convert]::Frombase64string($encryptedpassword)));write-host $dPwD.Substring(0,($dPwD.length-8)) – Shermansen – 2018-02-13T09:55:56.533

Asked: 2012-04-05T09:07:27.397

Viewed: 12 656 times

Active: 2019-12-02T21:36:00.620