As mentioned above, a BASE64 string will be piped into your script, which includes the username and new password (among other data), which you will use to rotate the Windows Service's credentials.
Using the below snippet, we can take the piped input and use certutil to decode the BASE64 string. These will be saved to temporary files and cleaned up later, as is the custom in bat scripts, as certutil only accepts files as input.
jq can be used on the resulting JSON file to get the values of user and newPassword.
for /f "usebackq delims=" %%a in (`jq -r .user %json%`) doset"user=%%a"for /f "usebackq delims=" %%a in (`jq -r .newPassword %json%`) doset"newPassword=%%a"
Updating the Service
The sc command is used to update the desired Windows service using the values you just extracted. Replace the server and service names with your specific server and service details.
After updating the Windows Service, we will restart it, which will confirm that the credentials have been updated successfully.
