3
:start
echo Try to hack this password!
set/p "pass=>"
if not %pass% == Ebaturvaline177 goto vale
echo Correct!!
pause
 start "" https://stackoverflow.com
exit
:vale
echo Wrong.
goto :start

How can I encrypt/hash the password so people just cant view the code and see the code?

Justaus3r
  • 395
  • 5
  • 15
bnajea
  • 41
  • 1
  • 6
  • First: Welcome to Stackoverflow! Second: I hope this is not your password you just posted... Third: Please try to research first, this question was already asked. – Dollique Jan 12 '21 at 18:47
  • Before you look at encrypting the password, you'll need to make significant changes to the code you've supplied. There have been a great many topics on this site which deal with prompted input, and how to use the if command. I'd advise you to use the search facility to locate some to assist you. Perhaps opening a Command Prompt window, typing `if /?`, and pressing the `[ENTER]` will help, as well as starting a search using [\[batch-file\] encrypt password](https://stackoverflow.com/search?q=%5Bbatch-file%5D+encrypt+password)! – Compo Jan 12 '21 at 19:17

2 Answers2

5

I was interested after reading your question so i decided to make a batch-file that is kind of accomplishing what you are trying to do. instead of storing raw password i am storing MD5 Hash in a file and then i am comparing user input that is also hashed with the hash stored in a file named pass.txt.

Crackme.bat:

@echo off & setlocal
:loop
set userinput=
set /p userinput=Try Crack me:
set "plaintext=%userinput%"
set "file=%temp%\%~n0.tmp"
set md5=

if not defined plaintext set /P "plaintext="

if exist "%plaintext%" (
    set "file=%plaintext%"
) else for %%I in ("%file%") do if %%~zI equ 0 (
    <NUL >"%file%" set /P "=%plaintext%"
)

for /f "skip=1 delims=" %%I in ('certutil -hashfile "%file%" MD5') do (
    if not defined md5 set "md5=%%I"
)

2>NUL del "%temp%\%~n0.tmp"

echo %md5: =% >>file.txt
set /p passhash=<file.txt
ping localhost -n 2 >nul
del file.txt
set /p passtocrackhash=<pass.txt
if %passhash% equ %passtocrackhash% ( goto cracked) else ( goto  error)
:error
echo Wrong pass
goto loop
:cracked
echo Hurrah!you cracked the password it was %userinput%

This batch file will take user input and compare it with the hash stored in pass.txt,if the password is correct then a success message is shown otherwise an error is thrown and is looped back for another try

pass.txt:

8b1a9953c4611296a827abf8c47804d7

Just make a file named as pass.txt and type the md5 hash of your password and save it.you can create an md5 hash from following batch-file or online . Just save the code as .bat open cmd in same directory and give the string that you want to hash as an argument to batch file

Well anyone is welcomed to edit the code for improvement...

Justaus3r
  • 395
  • 5
  • 15
  • You should also really be clearing the content of `%userinput%`, as using enter, would essentially send the last used content as its value data. – Compo Jan 12 '21 at 19:25
  • @Compo thank-you for reminding. i didn't thought about it – Justaus3r Jan 12 '21 at 19:46
  • You can use `pause` at the end of the code so that it will not close immediately after a user cracked the password. – CHOO YJ Jul 03 '21 at 06:41
  • @CHOOYJ Depends on who is using the code ,if you are using the batch file like me in cmd then you don't need pause.if you are running it explicitly(by clicking the batch-file) then you will need ```pause```. – Justaus3r Jul 18 '21 at 15:45
2

If the user has access to the source code, they have access to bypass the password.

If it's just a fun challenge, you could try hashing the input and checking against the hashed version of your password instead of storing plaintext.

This would require some file system management, however. I do not know of a way to hash input to a batch file directly.

D M
  • 5,769
  • 4
  • 12
  • 27