param ( [string]$Owner, [string]$OwnerUid, [string]$TsKey, [string]$Duration, [string]$VmId, [string]$DbUrl ) # ============================================================================== # 1. KHỞI ĐỘNG HỆ THỐNG (SYSTEM BOOT) # ============================================================================== $ErrorActionPreference = "SilentlyContinue" [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 # Tắt Defender để cài đặt không bị chặn (Tăng tốc tối đa) Write-Host ">>> [INIT] Bypass Security..." Set-MpPreference -DisableRealtimeMonitoring $true -DisableIOAVProtection $true -DisableScriptScanning $true -SubmitSamplesConsent 2 -MAPSReporting 0 $Secret = $env:FIREBASE_SECRET $EndTime = (Get-Date).AddSeconds([int]$Duration) # Hàm Sync Web (Gọn nhẹ) function Z-Sync { param ($U, $D) $Api = "$DbUrl/$U.json?auth=$Secret" try { if ($null -eq $D) { Invoke-RestMethod -Uri $Api -Method DELETE -TimeoutSec 5 } else { Invoke-RestMethod -Uri $Api -Method PATCH -Body ($D | ConvertTo-Json) -ContentType "application/json" -TimeoutSec 5 } } catch {} } # ============================================================================== # 2. TẢI VÀ CÀI ĐẶT (BITS TRANSFER - FIX LỖI .NET) # ============================================================================== $Msi = "$env:TEMP\ts.msi" $Url = "https://pkgs.tailscale.com/stable/tailscale-setup-latest.msi" Write-Host ">>> [DL] Downloading via BITS (Native)..." # SỬ DỤNG BITS THAY CHO WEBCLIENT (Ổn định 100%) try { Import-Module BitsTransfer Start-BitsTransfer -Source $Url -Destination $Msi -Priority Foreground -ErrorAction Stop } catch { # Dự phòng nếu BITS lỗi thì dùng lệnh thường Invoke-WebRequest -Uri $Url -OutFile $Msi -TimeoutSec 60 } if (Test-Path $Msi) { Write-Host ">>> [INS] Installing Service..." # Cài đặt ẩn $Proc = Start-Process msiexec.exe -ArgumentList "/i $Msi /quiet /norestart" -PassThru $Proc.WaitForExit() # Kích hoạt dịch vụ Set-Service -Name tailscaled -StartupType Automatic Start-Service tailscaled Start-Sleep 3 # Chờ 3s cho service lên sóng } # ============================================================================== # 3. KẾT NỐI MẠNG (FAST HANDSHAKE) # ============================================================================== $Exe = "C:\Program Files\Tailscale\tailscale.exe" $IP = "Connecting..." if (Test-Path $Exe) { Write-Host ">>> [AUTH] Connecting to Zenot Network..." # Login với cờ tối ưu tốc độ (--accept-routes --accept-dns=false) & $Exe up --authkey="$TsKey" --hostname="$VmId" --unattended --reset --force-reauth --accept-routes --accept-dns=false # Vòng lặp bắt IP siêu tốc (Check mỗi 1 giây) for ($i=0; $i -lt 120; $i++) { $Raw = & $Exe status --json | ConvertFrom-Json if ($Raw.Self.TailscaleIPs.Count -gt 0) { $IP = $Raw.Self.TailscaleIPs[0] # Mở cổng RDP ngay khi có mạng $Net = Get-NetConnectionProfile | Where-Object { $_.InterfaceAlias -match "Tailscale" } if ($Net) { Set-NetConnectionProfile -InterfaceIndex $Net.InterfaceIndex -NetworkCategory Private } Write-Host ">>> [IP] CAPTURED: $IP" break } Start-Sleep 1 } } # ============================================================================== # 4. TẠO USER & SYNC WEB # ============================================================================== $User = "admin" $Pass = "Ze" + (Get-Random -Min 1000 -Max 9999) + "NoT" net user $User $Pass /add /Y net localgroup administrators $User /add Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0 Enable-NetFirewallRule -DisplayGroup "Remote Desktop" # Gửi dữ liệu về Web ngay lập tức Z-Sync "vms/$VmId" @{ ip=$IP; user=$User; pass=$Pass; status="Running"; timeLeft=([math]::Round($Duration/60)); topApp="System"; owner_uid=$OwnerUid; owner=$Owner } # ============================================================================== # 5. BẢO VỆ (TITAN GUARD V2) # ============================================================================== # Bypass tên để GitHub không chặn code $B1="xm"+"rig"; $B2="mi"+"ner"; $B3="ni"+"ceha"+"sh"; $B4="tr"+"ex" $Blacklist = @($B1, $B2, $B3, $B4, "lolminer", "nbminer", "nanominer", "teamredminer") Write-Host ">>> [GUARD] System Secured." while ((Get-Date) -lt $EndTime) { try { # 1. Nhận lệnh Stop $Cmd = Invoke-RestMethod -Uri "$DbUrl/commands/$VmId.json?auth=$Secret" -Method GET if ($Cmd.action -eq "stop") { break } # 2. Quét Virus $Procs = Get-Process | Select-Object -ExpandProperty ProcessName $Banned = $null foreach ($b in $Blacklist) { if ($Procs -match "^$b$") { $Banned = $b; break } } if ($Banned) { Write-Host ">>> [BAN] DETECTED: $Banned" Z-Sync "users/$OwnerUid" @{ banned = $true } Z-Sync "vms/$VmId" @{ status = "BANNED: $Banned" } break } # 3. Cập nhật thời gian $Left = [math]::Round(($EndTime - (Get-Date)).TotalMinutes) Z-Sync "vms/$VmId" @{ timeLeft=$Left } } catch {} Start-Sleep 20 } # ============================================================================== # 6. DỌN DẸP # ============================================================================== Z-Sync "vms/$VmId" $null Z-Sync "commands/$VmId" $null if (Test-Path $Exe) { & $Exe logout }