+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Crack Remote desktop Connection manager (/thread-11633.html)
Crack Remote desktop Connection manager - Momro - 09-27-2023
Hi folks,
I did some research on Google and it seems no one has done this previously:
Rdcman of sysinternals saves rdp password with the credentials of the currently logged in user account. Any chance we could get hashcat to crack that password?
Best
Momro
RE: Crack Remote desktop Connection manager - marc1n - 09-27-2023
Hashcat not support this hash
RE: Crack Remote desktop Connection manager - Momro - 09-27-2023
I thought so, but any chance to add it?
RE: Crack Remote desktop Connection manager - Chick3nman - 09-27-2023
Do you have information about the algorithm used and the resulting format?
RE: Crack Remote desktop Connection manager - Momro - 09-27-2023
(09-27-2023, 04:36 PM)Chick3nman Wrote: Do you have information about the algorithm used and the resulting format?
I don't, but the Internet is kinda full with details how to get password via rdcman.exe/dll. (E. G. https://superuser.com/questions/1103193/decrypt-rdp-password-stored-in-rdg-file)
I inspected the exe/dll and found this EncryptStringUsingLocalUser() (see screenshot attached)
RE: Crack Remote desktop Connection manager - Chick3nman - 09-28-2023
This doesn't look like something hashcat could do OR would even be needed for. The passwords look to be encrypted, likely with DPAPI, so there's nothing for hashcat to do. You can either decrypt them on the system, or you can't because you've removed them without decrypting them.
RE: Crack Remote desktop Connection manager - Momro - 09-28-2023
Oh OK, I see. Thanks though!