Windows Server 2012 (standard version) includes the components for its Internet Information Services, which basically provides Microsoft’s alternative to a LAMPP setup. It can host web pages, SQL databases, scripts and .NET applications – pretty much what we’d find on a typical web server. I’ve recently played around with IIS for the first time, as it’s worth looking at in relation to the Active Directory thing I’ve been experimenting with lately.
I should mention the domain shown here in the screenshots has absolutely no relation to the publicly-accessible MK-ULTRA.com. Ours is a pen testing setup totally independent of the Internet and global DNS.
The IIS Installation and Setup
The process is fairly straightforward with the GUI doing most the work. At the Server Manager Dashboard, click Manage >> Add Roles and Features. Go through the prompts on the setup window. Add ‘Web Server (IIS)‘ in the ‘Select server roles‘ menu. Windows Server will list all the optional components that can be added.
After the components have been installed, the Internet Information Services (IIS) Manager can be accessed for administrating whatever web services.
A client’s web browser pointing at the server’s IP address should display the IIS page.
IIS and Domain Controller Security
Of course, if this was a proper deployment, we’d spend a few hours ensuring everything is properly configured before making the site live, but it didn’t matter so much here – I want a slightly hackable server, and to explore the fairly realistic scenario of an organisation using the same machine as a Domain Controller and an IIS server, thereby giving an attacker another possible way to compromise it. Microsoft itself advises against this, but still… it probably does happen anyway.
This matters in the case of a corporate network, because Windows Server 2012 comes with the Guest account disabled by default, which is supposed to prevent null sessions with the Active Directory system. But a machine on the network doesn’t need to be authenticated to access a site hosted using IIS, and here it’s interacting with a server that’s functioning as a Domain Controller.