HTTP / Windows
HTTP (Hypertext Transfer Protocol) is probably the most famous application protocol out there, since it is the protocol of the web. But apart from its major role on the Internet, it is also commonly used in Active Directory.
HTTP is used as a transport protocol by many other application protocols that are present in an Active Directory domain like (and thus ), or ADWS (Active Directory Web Services).
In order to be fully integrated with Active Directory, HTTP supports authentication with both NTLM and Kerberos. This is important from a security perspective since it implies that HTTP connections are susceptible to Kerberos Delegation or NTLM relay attacks.
In the case of NTLM relay, it is especially important to note that HTTP connections don't require signing, so they are very susceptible to NTLM cross relay attacks. In fact, there are many attacks like the or some that rely on NTLM relay from HTTP to LDAP. If you are able to coerce a computer to perform an HTTP request using the computer domain account with NTLM authentication, then you can compromise the computer with a .
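A defender-side check for the condition described above, as an added example that is not from the original page: it decodes raw NTLMSSP tokens found in HTTP `Authorization` headers and reports AUTHENTICATE messages sent by computer accounts (names ending in `$`). The function names, hosts and sample records are constructed for illustration, and SPNEGO-wrapped tokens are not parsed.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE flag from MS-NLMP

def _field(msg, pos):
    """Follow a (Len, MaxLen, BufferOffset) descriptor at pos into the payload."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    return msg[offset:offset + length]  # slicing clamps a bad offset to b""

def parse_ntlm_authorization(value):
    """Return (message_type, domain, user) for a raw NTLMSSP token, else None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() not in ("NTLM", "NEGOTIATE"):
        return None
    try:
        msg = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    if not msg.startswith(SIG) or len(msg) < 12:
        return None  # Kerberos or SPNEGO-wrapped token: not handled here
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3 or len(msg) < 64:
        return (msg_type, "", "")  # NEGOTIATE/CHALLENGE carry no user name
    (flags,) = struct.unpack_from("<I", msg, 60)
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"  # OEM charset assumed latin-1
    return (3, _field(msg, 28).decode(enc, "replace"), _field(msg, 36).decode(enc, "replace"))

def machine_account_http_ntlm(requests):
    """List (src, host, account) where a computer account sent AUTHENTICATE over HTTP."""
    parsed = [(src, host, parse_ntlm_authorization(auth)) for src, host, auth in requests]
    return [(s, h, p[1] + "\\" + p[2]) for s, h, p in parsed
            if p and p[0] == 3 and p[2].endswith("$")]

def build_sample_type3(domain, user):
    """Constructed AUTHENTICATE message with empty responses, for this demo only."""
    d, u = domain.encode("utf-16-le"), user.encode("utf-16-le")
    # LM, NT, DomainName, UserName, Workstation, SessionKey as (length, offset)
    spans = [(0, 64), (0, 64), (len(d), 64), (len(u), 64 + len(d)), (0, 64), (0, 64)]
    hdr = SIG + struct.pack("<I", 3) + b"".join(struct.pack("<HHI", n, n, o) for n, o in spans)
    return "NTLM " + base64.b64encode(hdr + struct.pack("<I", NEGOTIATE_UNICODE) + d + u).decode()

SAMPLE = [  # constructed (source IP, Host header, Authorization header) records
    ("10.0.0.21", "unknown-host.lab.example", build_sample_type3("LAB", "WS01$")),
    ("10.0.0.35", "intranet.lab.example", build_sample_type3("LAB", "alice")),
    ("10.0.0.35", "intranet.lab.example", "Basic dXNlcjpwYXNz"),
]
```

Run `machine_account_http_ntlm` over header records exported from a proxy or web server; a hit against a host that is not a known internal service is worth triaging.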
Related to HTTP, on Windows machines you can install the IIS web server, which is the basis for some technologies like or PSWA (PowerShell Web Access), which can be enabled at the /pswa endpoint.
Moreover, you can create a SOCKS proxy over HTTP in an IIS installation by using .