Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mez-0/DecryptRDCManager
.NET 4.0 Remote Desktop Manager Password Gatherer
execute-assembly net-framework post-exploitation
Last synced: about 2 months ago
.NET 4.0 Remote Desktop Manager Password Gatherer
- Host: GitHub
- URL: https://github.com/mez-0/DecryptRDCManager
- Owner: mez-0
- Created: 2020-09-29T08:53:46.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-09-29T10:12:58.000Z (over 4 years ago)
- Last Synced: 2024-08-05T17:24:15.041Z (5 months ago)
- Topics: execute-assembly, net-framework, post-exploitation
- Language: C#
- Homepage:
- Size: 438 KB
- Stars: 71
- Watchers: 4
- Forks: 7
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - mez-0/DecryptRDCManager - .NET 4.0 Remote Desktop Manager Password Gatherer (C#)
README
# DecryptRDCManager
`DecryptRDCManager` is a .NET port of [Decrypt-RDCMan.ps1](https://github.com/nettitude/PoshC2/blob/master/resources/modules/Decrypt-RDCMan.ps1) which was written by [Ben Turner](https://twitter.com/benpturner) and [Rich Hicks](https://twitter.com/scriptmonkey_). This tool will decrypt credentials from [Remote Desktop Manager](https://techcommunity.microsoft.com/t5/exchange-team-blog/introducing-remote-desktop-connection-manager-rdcman-2-2/ba-p/592989) by using the functionality from the [RDCMan.DLL](./DLLs/RDCMan.dll) as done [here](https://smsagent.blog/2017/01/26/decrypting-remote-desktop-connection-manager-passwords-with-powershell/).
When a `.rdg` file is identified, the contents will look something like this:
```xml
testprofile
DEV\testinguser
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAlSnFmjEAH0SsyduD82ZosAAAAAACAAAAAAADZgAAwAAAABAAAABimXpySiTYAbe0keAEpZs7AAAAAASAAACgAAAAEAAAACklkBrjv0x63t1+OWBCrCggAAAAvCOw3knvjfpvWFRKJDPI+8ipmOA208hh3EijNOAQG0QUAAAAEX45lKeHqHDty7J9S1/GDw9pcIA=
DEV
True
testing
192.168.100.102
testprofile
```
Credentials can either be stored in ``, or ``. During testing, it was found that `` would either fail to decrypt, or decrypt to `0123456789`. However, `` was identified to be way more reliable.
## Building
Make sure the `RDCMan.DLL` reference is added to the solution, and then build it. After building the solution, merge the output with `ILMerge.exe`:
```
.\ILMerge.exe /out:c:\DecryptRDCManager.exe .\DecryptRDCManager\DecryptRDCManager\bin\Debug\DecryptRDCManager.exe .\DLLs\AxMSTSCLib.dll .\DLLs\MSTSCLib.dll .\DLLs\RDCMan.dll
```
## Usage
A path to a `.rdg` can be passed in, or `DecryptRDCManager` will read the following settings file to determine where any `.rdg` files are:
```
"C:\Users\\AppData\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings"
```
Example **without path**:
![Without path](./Images/without-path.PNG)
Example **with path**:
![With path](./Images/with-path.PNG)