Computer Hope
Microsoft => Microsoft DOS => Topic started by: BM on December 03, 2009, 05:35:26 AM
-
Hi,
I'm using the following set /p pass= where we should insert a word to be saved in "pass" variable, I want to display starts instead of the characters (it is a password and I want it to be displayed as starts while I insert it to be saved in variable)
-
I found a copy of this both on the internet and in my snippet closet. It doesn't produce stars but it does hide the password. BTW, the password is password and is saved in the variable pass.
@echo off
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5>hide.com
:retry
set /p userid=Enter UserId:
set /p pass=Enter password: < nul
for /f "tokens=*" %%i in ('hide.com') do set pass=%%i
if /i %pass%==password goto next
cls
echo Try again. You are not logged in!
goto retry
:next
echo. & echo You are logged in!
del hide.com
There are other ways to do this, most notably with IE and HTML or with Powershell.
Good luck. 8)
-
There is a third party utility called Editvar by Bill Stewart which can be used to get masked input in command scripts.
http://www.westmesatech.com/editv.html
It is in a zip with another utility called Choose
Archive has 32 bit and 64 bit versions of both utils
EditVar is similar to the Cmd.exe Set /p command in Windows 2000 and later, but it may be preferable for the following reasons:
* It allows you to edit a variable, not just set one.
* It can limit the length of the typed variable.
* It can mask the typed input for simple password security.
* It can limit typed input to numbers only.
* It offers a timeout feature (useful when a script needs to run unattended).
* It can automatically "escape" reserved shell characters in variables it creates.
* It provides useful exit codes: For example, an exit code of 4 means that the user pressed Ctrl-C to abort.
* It comes with an MS-DOS version that works in Windows 9x/Me as well as on MS-DOS boot media.
Choose is similar to the Microsoft Choice tool, but it has more features. Here are some reasons why it might be preferable to Choice:
* It doesn't beep when the user makes an invalid choice.
* It offers a "default key" feature, which lets a user press Enter to select a default choice.
* It comes with a real-mode DOS version (useful for MS-DOS boot media).
* The Win32 version's timeout feature doesn't get confused when you run multiple instances
in separate console windows (this was a problem with earlier Win32 console versions of Microsoft's Choice tool).
* A 64-bit version is provided.
* It can suppress the display of the user's choice.
* It offers a "line input" mode where the user must press Enter after making a choice.
-
Save this as with a vbs extension. Call it from your batch file using:
cscript /b filename.vbs
Set objPassword = CreateObject("ScriptPW.Password")
WScript.Echo "Please enter your password:"
strPassword = objPassword.GetPassword()
-
I don't think that is what the OP asked for, gregflowers. I think they meant "stars" or "asterisks" when they wrote "starts".
-
@sidewinder or someone else
can you explain the line
for /f "tokens=*" %%i in ('hide.com') do set pass=%%i
why it uses hide.com here.
Thanks
-
@sidewinder or someone else
can you explain the line
for /f "tokens=*" %%i in ('hide.com') do set pass=%%i
why it uses hide.com here.
Thanks
FOR /F %%i in (dataset) do set pass=%%i
means
run the FOR command. The /F switch means treat (dataset) as a series of one or more lines.
assign the line or lines in turn to the %%i loop variable.
set the variable %pass% equal to the last (or only) line processed.
(dataset) is the 'hide.com' - the name of a program in single quotes, so FOR will run the command and assign its output via %%i to %pass%.
hide.com is a command line program which accepts typed in text without echoing it on screen.
-
in this case i think that the pass variable will never be equal to password
as in the if condition
and according to my thinking, it will never validate the pass variable as password
(correct me if i am wrong)
and so the required result may not be fulfilled from the above batch code
so please explain further
-
in this case i think that the pass variable will never be equal to password
as in the if condition
What?
and according to my thinking, it will never validate the pass variable as password
(correct me if i am wrong)
The code does not know the password. You have to write that part.
and so the required result may not be fulfilled from the above batch code
so please explain further
Seems like you are not understanding.
The pass variable will be equal to the password if the user types the password correctly.
Nothing to explain.
-
pardon me annoying you but i want to learn a bit more
in the if condition, it is checking that if pass variable is equal to password then you go to next which shows that you are loged in
and you explained that in the statement
for /f "tokens=*" %%i in ('hide.com') do set pass=%%i
all what is in or the last line in hide.com is assigned to pass variable
so if the value of pass variable is the line from hide.com then how can it validate the pass=password
got my point
am i wrongly understanding it?
or am i correct in what i am saying
if i am wrong then can you take a moment to clarify it to me
thanks brother for your help
-
The code so far askes the user to type a password. What they type is placed in the variable %pass%.
Now you need to check if this is the real password.
So let us pretend the real password is Qyr1zupZ
if "%pass%"=="Qyr1zupZ" goto good
goto bad
:bad
echo Wrong password!
pause
exit
:good
echo Correct password
-
salmon Brother
I understood that point
the point where i am getting confused is that Mr. SideWinder is checking the password with if statement
but
he is assigning the variable pass, a value from hide.com through
for /f "tokens=*" %%i in ('hide.com') do set pass=%%i
(I keep in mind what you explained about the above line)
So if the variable pass is assigned a value from hide.com then will the following be validated
if /i %pass%==password goto next
Full code of sidewinder is:
@echo off
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5>hide.com
:retry
set /p userid=Enter UserId:
set /p pass=Enter password: < nul
for /f "tokens=*" %%i in ('hide.com') do set pass=%%i
if /i %pass%==password goto next
cls
echo Try again. You are not logged in!
goto retry
:next
echo. & echo You are logged in!
del hide.com
-
So if the variable pass is assigned a value from hide.com then will the following be validated
if /i %pass%==password goto next
If the entered password contained in the variable %pass% is identical to the stored password in %password% then the IF test will be satisfied.
Personally I would not use the /i switch when checking a password. For obvious reasons.
In fact personally I would not be using a batch file to verify a password in a real life working situation where protection of data or preventing unauthorised access were important.
-
If the entered password contained in the variable %pass% is identical to the stored password in %password% then the IF test will be satisfied.
Personally I would not use the /i switch when checking a password. For obvious reasons.
In fact personally I would not be using a batch file to verify a password in a real life working situation where protection of data or preventing unauthorised access were important.
Agreed about the /i switch and doubly agree with using a batch file for password authentication. However this was simple a response to the OP who volunteered he was using set /p pass= which implied he wanted a batch solution.
One small note: there is no %password% variable. password is a literal that is the actual password.
If the OP has to have stars, a Powershell solution will accommodate him but the prerequisites seem a bit steep for such a simple request.
8)
Between password protection using batch files and converting simple text file scripts into executable files, I wonder why all this is necessary. Paranoia runs deep I guess.
-
:retry
set /p userid=Enter UserId:
set /p pass=Enter password: < nul
for /f "tokens=*" %%i in ('hide.com') do set pass=%%i
if /i %pass%==password goto next
Logical error, password was not defined. Otherwise, it works if password was already defined in the system earlier.
-
Logical error, password was not defined. Otherwise, it works if password was already defined in the system earlier.
password is not a variable, there is nothing to define. password is a literal. Setting the password to password was perhaps a poor choice although it seemed inspired at the time.
I made a few changes for the critics among you: (but the password is still password) :P
@echo off
setlocal
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5>hide.com
:retry
set /p userid=Enter UserId:
set /p pass=Enter password: < nul
for /f "tokens=*" %%i in ('hide.com') do set pass=%%i
if /i .%pass%==.password goto next
cls
echo Try again. You are not logged in!
goto retry
:next
echo. & echo You are logged in!
del hide.com
endlocal
8)
Salmon is right, anybody serious about security would never use a batch file to authenticate a password. Hide.com is actually an assembled debug script which shuts off echoing on the command line, but at some point the password entered has to be compared to the actual password and this is where anybody that can read batch code can learn the password.
-
Sidewinder,
You are right!
Where can I find the source code for hide.com ?
-
Where can I find the source code for hide.com ?
Your Message here
I decided to take the source code down. The assembled code is in the batch file, so someone imaginative should be able to produce the source code. Good luck. 8)
-
Is there a command or value too, like if your password is 3 times incorrect wait 1 day?
-
Is there a command or value too, like if your password is 3 times incorrect wait 1 day?
what are you trying to do actually? manually hand crafting password control with batch?? If you want to do the above, you have to set policies
-
MS does not recommend using batch to manage passwords.
If you really need it, you will have to learn to read
programs in C++ and study the work of others.
MS-CHAP Password Management API
Purpose
The MS-CHAP Password Management API makes it possible to use MS-CHAP to change user passwords. Windows programmers can use this API to create applications to change the passwords of networked users on remote workstations.
http://msdn.microsoft.com/en-us/library/ms697873(VS.85).aspx
-
i also do