Skip to main content

Search

How do I add Dynamic Banner Variables to services

Description: Several services supported on your Canaries provide the option to specify a banner, which originally was just a static plain text/message that would be displayed on connection to the service.

We have now extended (as of version 3.x.5) our banner feature to allow you to use dynamic variables.
The following is a list of reserved words/variables your Canary will substitute for the relevant value/text:

Note: These words/variables will only be substituted for a value if they are padded with the character %, for example HOSTNAME will not be substituted for the actual host name of your Canary, but %HOSTNAME% will be.

  • Date and time variables
    • %TIME_HMS% -> The current time in Hour:Minute:Second format.
    • %TIME_HOUR%  -> The current Hour.
    • %TIME_MINUTE% -> The current Minute.
    • %TIME_SECOND% -> The current Second.
    • %DATE_YMD% -> The current date in Year-Month-Day format.
    • %DATE_DAY%  -> The current Day of Month.
    • %DATE_YEAR% -> The current Year.
    • %DATE_MONTH% -> The current Month of Year.
    • %TIME% -> Similar to %TIME_HMS% the current Time in Hour:Minute:Second format.
    • %DATE% -> Similar to %DATE_YMD% the current Date in Year-Month-Day format.
  • Socket variables
    • %HOST_NAME% -> The Canary’s Hostname
    • %HOSTNAME% -> similar to %HOST_NAME% , the Canary’s Hostname
    • %HOST_IPv4%  -> The Canary’s IPv4
  • Config variables
    • %HOST_MAC% -> The Canary’s current MAC address

Note : Not all services on your Canary will have this feature. Some services simply don't have a banner (for example LDAP) while other services won't allow such freedom with their banners (for example MySQL).

The following is a list of services that have this feature, including what part of the service, this feature applies to.

  • File Transfer (FTP) - Feature applied to the FTP banner.
  • Web Proxy - Feature applied to the Web Proxy banner.
  • SSH - Feature applied to the SSH banner.
  • Telnet - Feature applied to the Telnet banner.
  • Custom TCP Service - Feature applied to both Custom TCP banners.
  • TN3270 - Feature applied to the TN3270 banner.
  • Webserver - Feature applied to the webserver custom header values only and not the banner.

Step 1:

Log in to your Console.

Console Login.png

Step 2:

Click on the Canary you want to configure the Windows File Share on.

Note: we have selected the ZAJHBR01 Canary.

CleanShot 2024-07-25 at 13.41.36@2x.png

Step 3:

1 - Scroll down to the service you want to add dynamic banners too.

Note: We've chosen to set dynamic banners to the Telnet service

2 - "Click" on Banner Prompt and add the Dynamic Banner Variables you want to see.

Note: We've chosen to add the Hostname and the Date - %HOST_NAME% \r\n%DATE_YMD% \r\n.

Note: \r\n can be used to display each Dynamic Banner Variable on a new line.

CleanShot 2024-07-25 at 13.41.53@2x.png

Step 4:

Once you've made the changes you will then need to scroll down to the bottom of the configuration page and click on Deploy new configuration.

CleanShot 2024-07-25 at 13.42.03@2x.png

 

Step 5:

Your new configuration will be pushed down to your Canary. Once it gets to 100%, your Canary will reboot and connect back to your Console with the new configuration.

 

CleanShot 2024-07-25 at 13.42.13@2x.png

Telnet Banner:

When an attacker tries to access the telnet service, we will display the Dynamic Banner you've set.

Note: We are showing the Hostname and the Date that we set up in Step 3.

CleanShot 2024-07-25 at 13.42.23@2x.png

 

That's it, you're done ;-)

Was this article helpful?
0 out of 0 found this helpful
Return to top