hashcat
advanced password recovery

Momro · 09-27-2023, 03:50 PM

Hi folks,

I did some research on Google and it seems no one has done this previously:

Rdcman of sysinternals saves rdp password with the credentials of the currently logged in user account. Any chance we could get hashcat to crack that password?

Best
Momro

~~marc1n~~ · 09-27-2023, 04:11 PM

Hashcat not support this hash

Momro · 09-27-2023, 04:34 PM

I thought so, but any chance to add it?

**Chick3nman** · 09-27-2023, 04:36 PM

Do you have information about the algorithm used and the resulting format?

Momro · (This post was last modified: 09-27-2023, 05:44 PM by Momro.)

(09-27-2023, 04:36 PM)Chick3nman Wrote: Do you have information about the algorithm used and the resulting format?

I don't, but the Internet is kinda full with details how to get password via rdcman.exe/dll. (E. G. https://superuser.com/questions/1103193/...n-rdg-file)

I inspected the exe/dll and found this EncryptStringUsingLocalUser() (see screenshot attached)

**Chick3nman** · 09-28-2023, 12:26 AM

This doesn't look like something hashcat could do OR would even be needed for. The passwords look to be encrypted, likely with DPAPI, so there's nothing for hashcat to do. You can either decrypt them on the system, or you can't because you've removed them without decrypting them.

Momro · 09-28-2023, 09:16 AM

Oh OK, I see. Thanks though!

Login
Username/Email:
Password:	Lost Password?
	Remember me

hashcat advanced password recovery

hashcat
advanced password recovery