Up to XP and Server 2003, you can make use of another included tool (VBScript) – the following two scripts do the job you want.

First, getpwd.cmd:

@echo off <nul: set /p passwd=Password:  for /f 'delims=' %%i in ('cscript /nologo getpwd.vbs') do set passwd=%%i echo. 

Then, getpwd.vbs:

Set oScriptPW = CreateObject('ScriptPW.Password') strPassword = oScriptPW.GetPassword() Wscript.StdOut.WriteLine strPassword 

The getpwd.vbs simply uses the password object to input the password from the user and then print it to standard output (the next paragraph will explain why that doesn’t show up in the terminal).

The getpwd.cmd command script is a bit trickier but it basically works as follows.

The effect of the '<nul: set /p passwd=Password: ' command is to output the prompt with no trailing newline character – it’s a sneaky way to emulate the 'echo -n' command from the bash shell. It sets passwd to an empty string as an irrelevant side effect and doesn’t wait for input since it’s taking its input from the nul: device.

The 'for /f 'delims=' %%i in ('cscript /nologo getpwd.vbs') do set passwd=%%i' statement is the trickiest bit. It runs the VBScript with no Microsoft ‘advertising’, so that the only line output is the password (from the VBscript 'Wscript.StdOut.WriteLine strPassword'.

Setting the delimiters to nothing is required to capture an entire input line with spaces, otherwise you just get the first word. The 'for ... do set ...' bit sets passwd to be the actual password output from the VBScript.

Then we echo a blank line (to terminate the 'Password: ' line) and the password will be in the passwd environment variable after the code has run.

Now, as mentioned, scriptpw.dll is available only up to XP/2003. In order to rectify this, you can simply copy the scriptpw.dll file from the Windows\System32 folder of an XP/2003 system to the Winnt\System32 or Windows\System32 folder on your own system. Once the DLL has been copied, you will need to register it by running:

regsvr32 scriptpw.dll 

To successfully register the DLL on Vista and later, you will need administrator privileges. I haven’t examined the legality of such a move so cave lector.

If you’re not overly keen on trying to track down and register older DLL files (for convenience or legal reasons), there is another way. Later versions of Windows (the ones that don’t have the required DLL) should have Powershell available to you.

And, in fact, you really should consider upgrading your scripts to use it fully since it’s a much more capable scripting language than cmd.exe. However, if you want to keep the bulk of your code as cmd.exe scripts (such as if you have a lot of code that you don’t want to convert), you can use the same trick.

First, modify the cmd script so it calls Powershell rather than CScript:

@echo off for /f 'delims=' %%i in ('powershell -file getpwd.ps1') do set passwd=%%i 

The Powershell script is equally simple:

$password = Read-Host 'Enter password' -AsSecureString $password = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password) $password = [Runtime.InteropServices.Marshal]::PtrToStringAuto($password) echo $password 

although with some marshalling to get the actual password text.

Remember that, to run local unsigned Powershell scripts on your machine, you may need to modify the execution policy from the (draconian, though very safe) default, with something like:

set-executionpolicy remotesigned 

from within Powershell itself.