What would be the Windows batch equivalent for HTML's input type="password"?
Asked Answered
T

11

12

I need to get authentication credentials from the users within a Windows script but the classic "first Google result" approach:

SET /P USR=Username: 
SET /P PWD=Password: 

is less than satisfying, so I was wondering if there's let's say an "equivalent" to HTML's input type="password"?

Any comment would be really appreciated, thanks much in advance!

Tammy answered 13/11, 2008 at 13:12 Comment(3)
Can you provide a little more context; is this for mapping/accessing a share, logging into a remote machine, or something else?Electrostriction
Basically users should provide their credentials in order authenticate against a Subversion repository. By now we've implemented a workaround based in some conventions, but it'd be great to implement a solution without having to set such constraints which clearly decrease security strength.Tammy
Very important question. We need scripts to startup apps, such scripts need to be archived, but passwords must not be stored in scripts, not be archived in scripts, and, on entry, not show on the screenFleming
A
5

check out this

http://www.netikka.net/tsneti/info/tscmd052.htm

@echo off & setlocal enableextensions
    :: Build a Visual Basic Script
    set vbs_=%temp%\tmp$$$.vbs
    set skip=
    findstr "'%skip%VBS" "%~f0" > "%vbs_%"
    ::
    :: Prompting without linefeed as in Item #15
    echo.|set /p="Password: "

    :: Run the script with Microsoft Windows Script Host Version 5.6
    for /f "tokens=* delims=" %%a in ('cscript //nologo "%vbs_%"') do set MyPass1=%%a

    ::
    ::echo.
    echo.|set /p="Retype  : "

    for /f "tokens=* delims=" %%a in ('cscript //nologo "%vbs_%"') do set MyPass2=%%a
    ::

    :: Clean up
    for %%f in ("%vbs_%") do if exist %%f del %%f
    ::
    :: Demonstrate the result
    echo.
    if "%MyPass1%"=="%MyPass2%" (
      echo The entered password was %MyPass1%
      ) else (
      echo No match)
    endlocal & goto :EOF
    '
    'The Visual Basic Script
    Set WshPass = WScript.CreateObject("ScriptPW.Password") 'VBS
    Password=WshPass.GetPassWord() 'VBS
    WScript.Echo PassWord 'VBS
Always answered 13/11, 2008 at 13:12 Comment(1)
Since the "ScriptPW.Password" object is not supported in Windows Vista , Windows 7 and Windows Server 2008, I developed a little C# console application to use instead.Hebetate
H
4

By judicious use of another tool freely available on Windows, the following two scripts do the job you want.

First, GetPwd.cmd:

@echo off
:: GetPwd.cmd - Get password with no echo.
<nul: set /p passwd=Password: 
for /f "delims=" %%i in ('cscript /nologo GetPwd.vbs') do set passwd=%%i
echo.
:: This bit's just to prove we have the password.
echo %passwd%

Then, GetPwd.vbs:

' GetPwd.vbs - Get password with no echo then echo it. '
Set oScriptPW = CreateObject("ScriptPW.Password")
strPassword = oScriptPW.GetPassword()
Wscript.StdOut.WriteLine strPassword

Explanation:

GetPwd.vbs simply uses the password object to input the password from the user and then print it to standard output (next paragraph will explain why that doesn't show up in the terminal).

GetPwd.cmd is a bit trickier (but command scripts usually are).

The "<nul: set /p passwd=Password: " command simply outputs the prompt with no trailing CR/LF - it's a sneaky way to emulate bash's "echo -n". It sets passwd to an empty string as a side effect and doesn't wait for input since it's taking its input from the nul: device.

The "for /f "delims=" %%i in ('cscript /nologo GetPwd.vbs') do set passwd=%%i" statement is the trickiest bit. It runs the vbscript with no Microsoft advertising (/nologo), so that the only line output is the password (from the vbscript "Wscript.StdOut.WriteLine strPassword".

Setting the delimiters to nothing is required to capture input lines with spaces, otherwise you just get the first word. The "for ... do set ..." sets passwd to be the actual password output from the vbscript.

Then we echo a blank line (actually terminate the "Password: " line) and echo the password so you can verify it works:

C:\Pax> GetPwd
Password:
this is my password

C:\Pax> 

The scriptpw.dll is available with XP and 2K3 but not necessarily later versions.

Instructions for Vista and presumably Win7 are below, give them a try:

To mask the password, the script takes advantage of the ScriptPW COM object. ScriptPW is loaded by default on Windows XP and Windows 2003. If you’re running Windows 2000 or Windows Vista, you will need to copy the scriptpw.dll file from the Windows\System32 folder of an XP system, or Windows 2003 system to the Winnt\System32 or Windows\System32 folder on your Windows 2000 or Vista system. Once the DLL has been copied, you will need to register it by running the command:

regsvr32 scriptpw.dll

To successfully register the DLL on a Vista machine, you will need to open the command prompt as administrator. To do this, click Start | All Programs | Accessories. Then right-click on the Command Prompt shortcut and select “Run as administrator.” Once at the command prompt as administrator, you’ll be able to successfully run the regsvr32 scriptpw.dll command to register the DLL.

Hydromechanics answered 29/3, 2009 at 13:43 Comment(0)
F
2

1.Pure batch solution that (ab)uses XCOPY command and its /P /L switches found here :

:: Hidden.cmd
::Tom Lavedas, 02/05/2013, 02/20/2013
::Carlos, 02/22/2013
::https://groups.google.com/forum/#!topic/alt.msdos.batch.nt/f7mb_f99lYI


@Echo Off
:HInput
SetLocal EnableExtensions EnableDelayedExpansion
Set "FILE=%Temp%.\T"
Set "FILE=.\T"
Keys List >"%File%"
Set /P "=Hidden text ending with Ctrl-C?: " <Nul
Echo.
Set "HInput="
:HInput_
For /F "tokens=1* delims=?" %%A In (
 '"Xcopy /P /L "%FILE%" "%FILE%" 2>Nul"'
) Do (
  Set "Text=%%B"
  If Defined Text (
    Set "Char=!Text:~1,1!"
    Set "Intro=1"
    For /F delims^=^ eol^= %%Z in ("!Char!") Do Set "Intro=0"
    Rem If press Intro
    If 1 Equ !Intro! Goto :HInput#
    Set "HInput=!HInput!!Char!"
  )
)
Goto :HInput_
:HInput#
Echo(!HInput!
Goto :Eof 

2.Password submitter that uses a HTA pop-up . This is a hybrit .bat/jscript/mshta file and should be saved as a .bat:

<!-- :
:: PasswordSubmitter.bat
@echo off
for /f "tokens=* delims=" %%p in ('mshta.exe "%~f0"') do (
    set "pass=%%p"
)

echo your password is %pass%
exit /b
-->

<html>
<head><title>Password submitter</title></head>
<body>

    <script language='javascript' >
        function pipePass() {
            var pass=document.getElementById('pass').value;
            var fso= new ActiveXObject('Scripting.FileSystemObject').GetStandardStream(1);
            close(fso.Write(pass));

        }
    </script>

    <input type='password' name='pass' size='15'></input>
    <hr>
    <button onclick='pipePass()'>Submit</button>

</body>
</html>

3.A self-compiled .net hybrid .Again should be saved as .bat .In difference with other solutions it will create/compile a small .exe file that will be called (if you wish you can delete it). Also requires installed .net framework but that's rather not a problem:

@if (@X)==(@Y) @end /* JScript comment
@echo off
setlocal

for /f "tokens=* delims=" %%v in ('dir /b /s /a:-d  /o:-n "%SystemRoot%\Microsoft.NET\Framework\*jsc.exe"') do (
   set "jsc=%%v"
)

if not exist "%~n0.exe" (
    "%jsc%" /nologo /out:"%~n0.exe" "%~dpsfnx0"
)

for /f "tokens=* delims=" %%p in ('"%~n0.exe"') do (
    set "pass=%%p"
)

echo your password is %pass%

endlocal & exit /b %errorlevel%

*/



import System;



var pwd = "";
var key;

Console.Error.Write("Enter password: ");

        do {
           key = Console.ReadKey(true);
           if ( (key.KeyChar.ToString().charCodeAt(0)) >= 20 && (key.KeyChar.ToString().charCodeAt(0) <= 126) ) {
              pwd=pwd+(key.KeyChar.ToString());
              Console.Error.Write("*");
           }   

        } while (key.Key != ConsoleKey.Enter);
        Console.Error.WriteLine();
        Console.WriteLine(pwd);
Fauna answered 13/11, 2008 at 13:12 Comment(0)
D
1

You may use ReadFormattedLine subroutine for all kind of formatted input. For example, the commands below read an username and password of 8 characters each, display asterisks in the screen, and continue automatically with no need to press Enter:

call :ReadFormattedLine USR="********" /M "Username: "
call :ReadFormattedLine PWD="********" /M "Password: "

Or in a different way:

call :ReadFormattedLine nameAndPass="******** / ********" /M "Enter Username / Password: "

In previous example, when the user completed the username, the subroutine display the slash and read the password; if the user delete characters, the slash is also deleted automatically.

This subroutine is written in pure Batch so it does not require any additional program, and it allows several formatted input operations, like read just numbers, convert letters to uppercase, etc. You may download ReadFormattedLine subroutine from Read a line with specific format.

Dirham answered 13/11, 2008 at 13:12 Comment(0)
V
1

Another approach is to call PowerShell commands from your Batch script. Here's an example that configures the logon account of a service:

$password = Read-Host "Enter password" -AsSecureString;
$decodedpassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password));
& "sc.exe" config THE_SERVICE_NAME obj= THE_ACCOUNT password= $decodedPassword;

where THE_SERVICE_NAME is the name of the service to configure and THE_ACCOUNT is the logon account.

Then we can use it from a batch script like that:

call powershell -Command "$password = Read-Host "Enter password" -AsSecureString; $decodedpassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)); & "sc.exe" config THE_SERVICE_NAME obj= THE_ACCOUNT password= $decodedPassword;"

which is simply calling PowerShell.exe and passing the three commands.

The advantage of this approach is that the majority of Windows installations today include PowerShell, so no extra program or script is needed. The drawback is that you will need to either use the password inside the PowerShell call (like in my example) or store it in an environment variable and then use it from your batch script. I preffer the former because it is more secure and simpler.

Voltz answered 13/11, 2008 at 13:12 Comment(0)
O
1

If you can install Cygwin, you'll get a bash shell by default, so this command will work:

read -s -p "Password: " PASSWORD

Only problem is now the value of PASSWORD is only set in the bash shell, not as an environment variable a batch file can see (don't use PWD as this means something else in cygwin). So you would have to rewrite your script as a bash shell script (maybe not too hard given the limitations of the command prompt!).

Or you could pass the password into a batch script from cygwin, but this means running a new instance of the command prompt:

cmd /cyourbatchfile.bat $PASSWORD

All a bit convoluted and not at all satisfying ;)

Onitaonlooker answered 13/11, 2008 at 13:12 Comment(1)
If you can install Cygwin ... seems like overkillNeogaea
J
1

I assume that you want no echo of the password on the screen.

If a pop-up window is ok for you, you could use e.g. VBScript to show an IE window displaying a password field. Here's an example.

As an alternative you could call your script from an HTA (HTML Application) file (see Introduction to HTML Applications (HTAs).

Regards, divo

Jeweljeweler answered 13/11, 2008 at 13:12 Comment(0)
W
1

We do stuff like this all the time but put the password in the commandline and pass it to a variable in the batch file.

Weir answered 3/2, 2009 at 17:49 Comment(0)
F
0

Original poster asked for a DOS BATCH solution that allows for input of a password without printing it on the screen. All solutions so far use some external script, VBA, Powershell, Cygwin, whatever. To me, none of these are a nice, clean and simple.

In my case, I will go the python route. A DOS BAT script can easily be replaced by a simple python script. In python, the password entry problem is trivially solved with import getpass; password = getpass.getpass() . Then, python is a lightweight and reliable extension to your windows pc, and the script may be portable to other OS's (linux, mac). In my case, I need a startup script for Pentaho, a tool that is available for windows and linux.

This issue makes you wonder why write scripts in BAT or even BASH. Is powershell really an improvement on BAT, and does python perhaps solve problems in all of these systems?

This also makes you wonder how Powershell could miss the boat here. Why is the python call not also in Powershell, there is no licensing issue??? The "not invented here" syndrome?

Of course, there will be very simple situations where a BAT (or BASH) script is the easiest way, or where Powershell is required, but otherwise I'd go for python.

Fleming answered 13/11, 2008 at 13:12 Comment(0)
S
0

I wrote an open-source tool called editenv that replaces my older editv32/editv64 utilities:

https://github.com/Bill-Stewart/editenv

It provides the --maskinput (-m) option[*] that lets you hide the typed input. Example:

editenv --maskinput --prompt="Password: " PWD

This command displays a Password: prompt, and whatever you enter is placed in the PWD environment variable.

Download here:

https://github.com/Bill-Stewart/editenv/releases

[*] Note that the --maskinput (-m) option is not secure -- typed input is placed in plain-text in the environment. This feature is for convenience only.

Snore answered 13/11, 2008 at 13:12 Comment(0)
O
0

ConSet is a free tool written by Frank P. Westlake. It is an extended version of standard Windows command set.

ConSet.exe - Displays, sets, or deletes cmd.exe environment variables, modifies console parameters, and performs floating point mathematics.

As it is not a standard Windows console application, the usage of this tool requires either the distribution of this tool together with the batch file or the tool is stored on a server share and the batch file calls this tool directly from the server share.

ConSet makes a prompt for a password string with hidden input assigned to an environment variable very easy:

ConSet.exe /PH "PWD=Password: "

The additional parameter H results in hiding user input.

Obit answered 13/11, 2008 at 13:12 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.