Skip to main content

Search

How do I add Dynamic Banner Variables to services

How to add dynamic banner variables to Canary services without using static text — enabling automatic substitution (e.g. hostname, date) in service banners.

Several services supported on your Canaries provide the option to specify a banner, which originally was just a static plain text/message that would be displayed on connection to the service.

We have now extended (as of version 3.x.5) our banner feature to allow you to use dynamic variables.

The following is a list of reserved words/variables your Canary will substitute for the relevant value/text:

Note

These words/variables will only be substituted for a value if they are padded with the character %, for example HOSTNAME will not be substituted for the actual host name of your Canary, but %HOSTNAME% will be.

  • Date and time variables
    • %TIME_HMS% -> The current time in Hour:Minute:Second format.
    • %TIME_HOUR% -> The current Hour.
    • %TIME_MINUTE% -> The current Minute.
    • %TIME_SECOND% -> The current Second.
    • %DATE_YMD% -> The current date in Year-Month-Day format.
    • %DATE_DAY% -> The current Day of Month.
    • %DATE_YEAR% -> The current Year.
    • %DATE_MONTH% -> The current Month of Year.
    • %TIME% -> Similar to %TIME_HMS% the current Time in Hour:Minute:Second format.
    • %DATE% -> Similar to %DATE_YMD% the current Date in Year-Month-Day format.
  • Socket variables
    • %HOST_NAME% -> The Canary's Hostname
    • %HOSTNAME% -> similar to %HOST_NAME% , the Canary's Hostname
    • %HOST_IPv4% -> The Canary's IPv4
  • Config variables
    • %HOST_MAC% -> The Canary's current MAC address
Note

Not all services on your Canary will have this feature. Some services simply don't have a banner (for example LDAP) while other services won't allow such freedom with their banners (for example MySQL).

  • File Transfer (FTP): Feature applied to the FTP banner.
  • Web Proxy: Feature applied to the Web Proxy banner.
  • SSH: Feature applied to the SSH banner.
  • Telnet: Feature applied to the Telnet banner.
  • Custom TCP Service: Feature applied to both Custom TCP banners.
  • TN3270: Feature applied to the TN3270 banner.
  • Webserver: Feature applied to the webserver custom header values only and not the banner.

Step 1: Log in to your Console

Console Login.png

Step 2: Open Canary

Click the Canary for which you want to configure dynamic banners.

CleanShot 2024-07-25 at 13.41.36@2x.png

Step 3: Add Dynamic Banner Variables

Scroll down to the service you want to add dynamic banners to.

We've chosen to set dynamic banners to the Telnet service

Click on Banner Prompt and add the Dynamic Banner Variables you want to see.

We've chosen to add the Hostname and the Date: %HOST_NAME% \r\n%DATE_YMD% \r\n.

Note

\r\n can be used to display each Dynamic Banner Variable on a new line.

CleanShot 2024-07-25 at 13.41.53@2x.png

Step 4: Deploy Configuration Changes

Once you've made the changes you will then need to scroll down to the bottom of the configuration page and click on Deploy new configuration.

CleanShot 2024-07-25 at 13.42.03@2x.png

Step 5: Apply and Reboot

Your new configuration will be pushed down to your Canary. Once it gets to 100%, your Canary will reboot and connect back to your Console with the new configuration.

CleanShot 2024-07-25 at 13.42.13@2x.png

Telnet Banner

When an attacker tries to access the telnet service, we will display the Dynamic Banner you've set.

CleanShot 2024-07-25 at 13.42.23@2x.png
Was this article helpful?
0 out of 0 found this helpful
Return to top