How to retrieve password from service account?

by sabeltiger81 at 2013-02-19 04:46:42

I know there is a discussion on different forums where people have asked this question, mostly it’s the ethics that comes in to question here I hope to avoid that discussion because I’m aware of the consequences for abusing this.

Anyway i have a service account that runs some services through out the domain on different servers, but the code for serviceaccount has gone missing.

Therefore I would like some help on how to retrieve the password, I have read it can be done with the Get-credential cmdlet and convertfrom string, I just don’t know how?
by DonJ at 2013-02-19 04:53:45
No, you’ve read incorrectly. Get-Credential creates a new credential object - it doesn’t retrieve one from a service account. Service account passwords are stored as a one-way hash, meaning they cannot be recovered. You need to come up with a new password, and set the service and the service account to use that.
by sabeltiger81 at 2013-02-19 06:55:33
1# So how can I see which services the user account is used for and on what servers?

3# Is it possible to invoke reverse encryption on an account that already have a password stored or will it only work if you change the password?

3# then I think I need some explaining on the code below that I found here: http://stackoverflow.com/questions/7433 … e-password



$credential = Get-Credential
$credential.Password | ConvertFrom-SecureString
$credential

$credCachePS = New-Object System.Net.CredentialCache
$credCachePS.Add("coffee", "NTLM", $credential)
$credCachePS | select Password
by AlexBrassington at 2013-02-19 09:24:43
A secure string is a string encrypted with a reversible encryption method. This means that you can convert to and convert from secure strings to your heart’s content using the commandlets you quoted and, if you wanted, you could keep an encrypted copy somewhere (I really don’t advise this by the way).

Passwords in AD are generated from those secure strings but once they are created you can’t go back to the plain text from that password. It’s a one way or ‘trap door’ function (you can go one way through but you can’t go back the other way).

This might shed some light: http://www.vistax64.com/powershell/1566 … tring.html

Short version: Don’s right, you’ll need to identify the services where it’s in use and change the passwords for each.
by sabeltiger81 at 2013-02-20 00:43:19
In a way this was helpfull, in another way it wasn’t. I guess you can’t always get what you want.