DecryptRDCManager is a .NET port of Decrypt-RDCMan.ps1, which was written by Ben Turner and Rich Hicks. This tool will decrypt credentials from Remote Desktop Manager by using the functionality from the RDCMan.DLL as done here.
When an .rdg file is identified, the contents will look something like this:
<?xml version="1.0" encoding="utf-8"?>
<RDCMan programVersion="2.7" schemaVersion="3">
  <file>
    <credentialsProfiles>
      <credentialsProfile inherit="None">
        <profileName scope="Local">testprofile</profileName>
        <userName>DEV\testinguser</userName>
        <password>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAlSnFmjEAH0SsyduD82ZosAAAAAACAAAAAAADZgAAwAAAABAAAABimXpySiTYAbe0keAEpZs7AAAAAASAAACgAAAAEAAAACklkBrjv0x63t1+OWBCrCggAAAAvCOw3knvjfpvWFRKJDPI+8ipmOA208hh3EijNOAQG0QUAAAAEX45lKeHqHDty7J9S1/GDw9pcIA=</password>
        <domain>DEV</domain>
      </credentialsProfile>
    </credentialsProfiles>
    <properties>
      <expanded>True</expanded>
      <name>testing</name>
    </properties>
    <server>
      <properties>
        <name>192.168.100.102</name>
      </properties>
      <logonCredentials inherit="None">
        <profileName scope="File">testprofile</profileName>
      </logonCredentials>
    </server>
  </file>
  <connected />
  <favorites />
  <recentlyUsed />
</RDCMan>
Credentials can either be stored in
<logonCredentials>. During testing, it was found that
<logonCredentials> would either fail to decrypt, or decrypt to
<credentialsProfile> was identified to be way more reliable.
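For locating saved passwords in `.rdg` files so they can be removed, the following added example (not part of DecryptRDCManager or the original page) walks the two elements named above and reports each stored `<password>` without decrypting it. The sample file, its user and profile names and the placeholder blob are constructed; the header check relies on the fact that the page's sample value begins with the standard DPAPI blob header, and other protection modes are simply reported as `other-blob`.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# A DPAPI blob starts with version 1 followed by the DPAPI provider GUID.
DPAPI_HEADER = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")

def classify_blob(text):
    """Describe a <password> value without decrypting it."""
    if not text or not text.strip():
        return "empty"
    try:
        raw = base64.b64decode(text.strip(), validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    return "dpapi-blob" if raw.startswith(DPAPI_HEADER) else "other-blob"

def audit_rdg(xml_bytes):
    """Return one finding per non-empty <password> in an .rdg document."""
    root = ET.fromstring(xml_bytes)
    findings = []
    for tag in ("credentialsProfile", "logonCredentials"):
        for node in root.iter(tag):
            kind = classify_blob(node.findtext("password"))
            if kind == "empty":
                continue  # element only references a profile by name
            findings.append({"element": tag, "password": kind,
                             "profile": node.findtext("profileName"),
                             "user": node.findtext("userName")})
    return findings

# Constructed sample in the page's layout; the blob is a placeholder, not a real secret.
_BLOB = base64.b64encode(DPAPI_HEADER + bytes(16)).decode()
SAMPLE = f"""<?xml version="1.0" encoding="utf-8"?>
<RDCMan programVersion="2.7" schemaVersion="3"><file>
  <credentialsProfiles><credentialsProfile inherit="None">
    <profileName scope="Local">exampleprofile</profileName>
    <userName>exampleuser</userName><password>{_BLOB}</password>
  </credentialsProfile></credentialsProfiles>
  <server><logonCredentials inherit="None">
    <profileName scope="File">exampleprofile</profileName>
  </logonCredentials></server>
  <server><logonCredentials inherit="None">
    <userName>otheruser</userName><password>{_BLOB}</password>
  </logonCredentials></server>
</file></RDCMan>""".encode("utf-8")

if __name__ == "__main__":
    print(*audit_rdg(SAMPLE), sep="\n")
```

Any finding means the file should be treated as holding a credential: clear the saved password in RDCMan and rotate the affected account.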
Make sure the RDCMan.DLL reference is added into the solution, and then build it. After building the solution,
.\ILMerge.exe /out:c:\DecryptRDCManager.exe .\DecryptRDCManager\DecryptRDCManager\bin\Debug\DecryptRDCManager.exe .\DLLs\AxMSTSCLib.dll .\DLLs\MSTSCLib.dll .\DLLs\RDCMan.dll
A path to a .rdg can be passed in, or DecryptRDCManager will read the following settings file to determine where any .rdg files are:
"C:\Users\<username>\AppData\Local\Microsoft\Remote Desktop Connection Manager\RDCMan.settings"
Example without path:
Example with path: