Page 1 of 1

Prevent Keylogging

Posted: 20 Oct 2016 20:44
by SirJosh3917
Hello, I have a simple login application that uses MD5 hash to hash user logins, then compare them.
After they login they get to go do stuff.
What I'm worried about is the user running a malicious batch file.
If you spam input in CMD and type

Code: Select all

doskey /history
a history of what you typed will be outputted to the screen.
This could go into a file and then so much for the MD5 hash, you have their password.

My question is, how can you make doskey clear the history?

Re: Prevent Keylogging

Posted: 20 Oct 2016 21:10
by Squashman
Can't test this from my phone but the help file says

Code: Select all

/REINSTALL         Install a new copy of Doskey (clears the buffer).

Figured we had discussed this in the past.