https://github.com/mez-0/DecryptRDCManager

.NET 4.0 Remote Desktop Manager Password Gatherer
execute-assembly net-framework post-exploitation


# DecryptRDCManager

`DecryptRDCManager` is a .NET port of [Decrypt-RDCMan.ps1](https://github.com/nettitude/PoshC2/blob/master/resources/modules/Decrypt-RDCMan.ps1) which was written by [Ben Turner](https://twitter.com/benpturner) and [Rich Hicks](https://twitter.com/scriptmonkey_). This tool will decrypt credentials from [Remote Desktop Manager](https://techcommunity.microsoft.com/t5/exchange-team-blog/introducing-remote-desktop-connection-manager-rdcman-2-2/ba-p/592989) by using the functionality from the [RDCMan.DLL](./DLLs/RDCMan.dll) as done [here](https://smsagent.blog/2017/01/26/decrypting-remote-desktop-connection-manager-passwords-with-powershell/).

When a `.rdg` file is identified, the contents will look something like this:

```xml




testprofile
DEV\testinguser
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAlSnFmjEAH0SsyduD82ZosAAAAAACAAAAAAADZgAAwAAAABAAAABimXpySiTYAbe0keAEpZs7AAAAAASAAACgAAAAEAAAACklkBrjv0x63t1+OWBCrCggAAAAvCOw3knvjfpvWFRKJDPI+8ipmOA208hh3EijNOAQG0QUAAAAEX45lKeHqHDty7J9S1/GDw9pcIA=
DEV



True
testing



192.168.100.102


testprofile





```

Credentials can either be stored in ``, or ``. During testing, it was found that `` would either fail to decrypt, or decrypt to `0123456789`. However, `` was identified to be way more reliable.
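For the defensive side of the file format shown above, here is an added example (not code from the DecryptRDCManager project) that inventories which elements of an `.rdg` file hold a saved credential. It matches on the DPAPI blob header, which is the `AQAAANCMnd8B` prefix visible in the sample, rather than on element names. The element names and the blob in `SAMPLE_RDG` are constructed for illustration.

```python
import base64
import binascii
import struct
import uuid
import xml.etree.ElementTree as ET

# DPAPI blob layout: DWORD version (1) followed by the provider GUID
# df9d8cd0-1501-11d1-8c7a-00c04fc297eb in little-endian byte order.
DPAPI_HEADER = struct.pack("<I", 1) + uuid.UUID(
    "df9d8cd0-1501-11d1-8c7a-00c04fc297eb").bytes_le


def is_dpapi_blob(text):
    """True if text is base64 whose decoded bytes start with the DPAPI header."""
    try:
        raw = base64.b64decode(text.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False
    return raw.startswith(DPAPI_HEADER)


def find_saved_credentials(rdg_xml):
    """Return (element path, blob length) for each element holding a DPAPI blob."""
    root = ET.fromstring(rdg_xml)
    findings = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        if elem.text and is_dpapi_blob(elem.text):
            findings.append((here, len(base64.b64decode(elem.text.strip()))))
        for child in elem:
            walk(child, here)

    walk(root, "")
    return findings


# Constructed sample: header plus zero padding, not a real credential.
# Element names are assumptions; detection does not depend on them.
FAKE_BLOB = base64.b64encode(DPAPI_HEADER + bytes(32)).decode()
SAMPLE_RDG = f"""<RDCMan><file>
  <credentialsProfiles><credentialsProfile>
    <profileName>testprofile</profileName><password>{FAKE_BLOB}</password>
  </credentialsProfile></credentialsProfiles>
  <server><properties><name>192.168.100.102</name></properties></server>
</file></RDCMan>"""

if __name__ == "__main__":
    for path, size in find_saved_credentials(SAMPLE_RDG):
        print(f"saved credential at {path} ({size} bytes)")
```

Any path it reports is a credential that RDCMan has persisted to disk and that should be cleared from the connection file.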

## Building

Make sure the `RDCMan.DLL` reference is added to the solution, then build it. After building the solution, merge the output with the dependency DLLs using `ILMerge.exe`:

```
.\ILMerge.exe /out:c:\DecryptRDCManager.exe .\DecryptRDCManager\DecryptRDCManager\bin\Debug\DecryptRDCManager.exe .\DLLs\AxMSTSCLib.dll .\DLLs\MSTSCLib.dll .\DLLs\RDCMan.dll
```

## Usage

A path to a `.rdg` file can be passed in; otherwise `DecryptRDCManager` will read the following settings file to determine where any `.rdg` files are:

```
"C:\Users\\AppData\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings"
```

Example **without path**:

![Without path](./Images/without-path.PNG)

Example **with path**:

![With path](./Images/with-path.PNG)