Hi folks,
I did some research on Google and it seems no one has done this previously:
Rdcman of sysinternals saves rdp password with the credentials of the currently logged in user account. Any chance we could get hashcat to crack that password?
Best
Momro
Hashcat not support this hash
I thought so, but any chance to add it?
Do you have information about the algorithm used and the resulting format?
(09-27-2023, 04:36 PM)Chick3nman Wrote: [ -> ]Do you have information about the algorithm used and the resulting format?
I don't, but the Internet is kinda full with details how to get password via rdcman.exe/dll. (E. G.
https://superuser.com/questions/1103193/...n-rdg-file)
I inspected the exe/dll and found this EncryptStringUsingLocalUser() (see screenshot attached)
This doesn't look like something hashcat could do OR would even be needed for. The passwords look to be encrypted, likely with DPAPI, so there's nothing for hashcat to do. You can either decrypt them on the system, or you can't because you've removed them without decrypting them.
Oh OK, I see. Thanks though!