0

I have the following box that needs to be filled with a name and a password, how can I handle it with powershell from the InternetExplorer.Application object or with another object using powershell's own libraries:

enter image description here

zeros
  • 263
  • 1
  • 11
  • 1
    I don't think that's possible. – LPChip Aug 02 '22 at 09:15
  • I also believe that this is not possible: `or with another object using powershell's own libraries` – Markus Meyer Aug 02 '22 at 09:54
  • in computing everything is possible – zeros Aug 02 '22 at 09:56
  • well, good luck – Markus Meyer Aug 02 '22 at 10:05
  • @ortiga A few posts for additional starting ideas to expand on potentially: https://superuser.com/questions/1369904/encrypting-the-password-value-used-to-send-an-email-via-a-bat-file/1370096#1370096 and https://superuser.com/questions/1239624/automating-ftp-folder-synchronization-for-uploading-via-command-line/1239776#1239776 and https://superuser.com/questions/1334959/is-it-possible-to-encrypt-obfuscate-the-password-in-a-ftp-script-using-windows-f/1334988#1334988 – Vomit IT - Chunky Mess Style Aug 03 '22 at 00:49

1 Answers1

0

Typically when accessing a website through basic authentication you can include the username and password inline with the URL like this:

http://<username>:<password>@192.168.1.1

Or with HTTPS simply:

https://<username>:<password>@192.168.1.1

So, for example if my username is baa and my password is hunter2 then the URL would be http://baa:hunter2@192.168.1.1.

Depending on your workflow this may be feasible.

Baa
  • 351
  • 1
  • 8
  • it gives me a security error (Exception from HRESULT: 0x800C000E), thanks for the help but it doesn't work for me , since the application goes through https – zeros Aug 02 '22 at 10:44
  • @ortiga you may need to add `http://192.168.1.1` into your Trusted Sites Zone, see [here](https://www.thewindowsclub.com/add-a-trusted-site-in-windows-10) – Baa Aug 02 '22 at 11:04
  • To go along with that link: https://docs.microsoft.com/en-us/troubleshoot/developer/browsers/security-privacy/ie-security-zones-registry-entries. – Vomit IT - Chunky Mess Style Aug 02 '22 at 16:52
  • @ortiga HTTPS should still work too, add the HTTPS site to the Trusted Sites Zone `https://192.168.1.1` – Baa Aug 02 '22 at 16:54
  • that would be pretty insecure i can't do that – zeros Aug 02 '22 at 17:44
  • @ortiga Explore WinSCP and defining a connection there and then automating the file exchange upload or download operations without exposing the credential. Even if you could AutoIT to look for the title of the prompt, and then fill it in with the username and password, that is still technically insecure per running in memory. Another idea is to pass the password to the script as an argument at runtime so the logic uses a URL such as `http://baa:%~1@192.168.1.1` where with batch `%~1` is the placeholder only for the value that's passed in at runtime. The script does not contain the password. – Vomit IT - Chunky Mess Style Aug 03 '22 at 00:41
  • @ortiga You could even build some PowerShell around the connection process, call a URL with the password, and pass the password in at runtime as a base64 encoded value, have PowerShell convert the first argument back to cleartext at run time to build and call the URL, but the script nor the passing of the first value would not be in cleartext. Someone could technically decode the base64 value of the passed argument though to get that value. There are a few ways of doing this sort of thing, I think WinSCP handles file exchanges with FTP very well though: https://winscp.net/eng/index.php – Vomit IT - Chunky Mess Style Aug 03 '22 at 00:44
  • it doesn't work because the url is type www......com/index.html – zeros Aug 03 '22 at 05:48