Partilhar via


Decrypting SecureStrings (Once More!)

[PSCredentials] have some interesting methods.  Chief among them, at least for today, is GetNetworkCredential().  Well, what’s so special about this?  The returned object has the .Password property which is the plaintext of the password.  I’ll say it again:

 $PsCredential.GetNetworkCredential().Password is plaintext!

This means we have an easier-to-remember way to decrypt a SecureString:

 (New-Object System.Management.Automation.PSCredential DoesNotMatter, 
    $SecureString).GetNetworkCredential().Password.

Easy as … well, not quite all that easy, but it’s still a lot easier to remember than

 [System.Runtime.InteropServices.marshal]::PtrToStringAuto(
    [System.Runtime.InteropServices.marshal]::SecureStringToBSTR($SecureString)
);

Don't you think?