macOSLAPS by Jamf script



There are a number of LAPS scripts I've seen.

Joshua Roskos from Jamf has one here which seems to meet our needs
macOSLAPS
https://github.com/kc9wwh/macOSLAPS

There's been a couple of minor updates for Big Sur by mjgall
https://github.com/kc9wwh/macOSLAPS/pull/2

The bit I'm confused about is this line and what the 9 & 10 params should be.

jamfProPass=$( echo "${6}" | /usr/bin/openssl enc -aes256 -d -a -A -S "${9}" -k "${10}" )

Any ideas?

2 replies

colorenz
  • July 5, 2021

Yes, it's from the Jamf EncryptedStrings script. But I would not use Jamf Pro API Credentials in a Client Side script. I would look for a LAPS version that reads the password with an extension attribute.

https://github.com/mensooree/Encrypted-Script-Parameters

Maybe this is something for you, it also has a "local" mode.

https://github.com/joshua-d-miller/macOSLAPS

Good to read https://labs.f-secure.com/blog/jamfing-for-joy-attacking-macos-in-enterprise/


mpuyet
  • July 15, 2021

That's not clear in the script, but the jamfProPass variable is using an encrypted password depending on Params 6, 9 and 10.

  • Param 6 : Encrypted String
  • Param 9 : Salt
  • Param 10 : Passphrase

To generate an encrypted password:

# Prints the values to paste into the script parameters:
# Encrypted String -> param 6, Salt -> param 9, Passphrase -> param 10
function GenerateEncryptedString() {
    local STRING="${1}"
    local SALT=$(openssl rand -hex 8)    # 8 random bytes as 16 hex characters
    local K=$(openssl rand -hex 12)      # random passphrase
    local ENCRYPTED=$(echo "${STRING}" | openssl enc -aes256 -a -A -S "${SALT}" -k "${K}")
    echo "Encrypted String: ${ENCRYPTED}"
    echo "Salt: ${SALT} | Passphrase: ${K}"
}
GenerateEncryptedString 'yourPasswordtoEncrypt'

This script will generate Encrypted String + Salt + Passphrase for password "yourPasswordtoEncrypt".

You just have to replace "yourPasswordtoEncrypt", and copy the returned data to your script params.
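Added example, not part of the posts above or of the macOSLAPS project: a round trip through the two openssl commands quoted in this thread, showing how the generated Encrypted String, Salt and Passphrase come back together as params 6, 9 and 10. The function names and the sample password are constructed for illustration.

```shell
#!/bin/bash
# Added example with constructed values only; no real credentials.

# Encrypt side: same openssl invocation as GenerateEncryptedString in the thread.
#   $1 = plaintext, $2 = salt (16 hex characters), $3 = passphrase
encrypt_string() {
    echo "${1}" | openssl enc -aes256 -a -A -S "${2}" -k "${3}"
}

# Decrypt side: same openssl invocation as the jamfProPass line in the question.
#   $1 = Encrypted String (param 6), $2 = Salt (param 9), $3 = Passphrase (param 10)
decrypt_string() {
    echo "${1}" | openssl enc -aes256 -d -a -A -S "${2}" -k "${3}"
}

# Generate a fresh salt and passphrase, encrypt, then decrypt with the same
# three values the policy would hand to the script.
roundtrip() {
    local plaintext="${1}"
    local salt passphrase encrypted
    salt=$(openssl rand -hex 8)
    passphrase=$(openssl rand -hex 12)
    encrypted=$(encrypt_string "${plaintext}" "${salt}" "${passphrase}")
    echo "param 6 (Encrypted String): ${encrypted}" >&2
    echo "param 9 (Salt):             ${salt}" >&2
    echo "param 10 (Passphrase):      ${passphrase}" >&2
    decrypt_string "${encrypted}" "${salt}" "${passphrase}"
}

# Prints the three parameter values on stderr and the recovered plaintext on stdout.
roundtrip 'constructed-sample-password'
```

The three values are sufficient to recover the plaintext, so anything that can read all of a policy's script parameters can read the password; the encryption only keeps it from appearing in clear text in any single field.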

