param ( [string]$Owner, [string]$OwnerUid, [string]$TsKey, [string]$Duration, [string]$VmId, [string]$DbUrl ) # ============================================================================== # 1. TỐI ƯU HÓA (Dựa trên code gốc nhưng tắt bảo mật để nhanh hơn) # ============================================================================== $ErrorActionPreference = "SilentlyContinue" $ProgressPreference = 'SilentlyContinue' # Tắt thanh tiến trình để tải nhanh hơn [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 # Tắt Windows Defender (Bí quyết tốc độ) Write-Host ">>> [INIT] Optimizing Performance..." Set-MpPreference -DisableRealtimeMonitoring $true -DisableIOAVProtection $true -DisableScriptScanning $true $Secret = $env:FIREBASE_SECRET $EndTime = (Get-Date).AddSeconds([int]$Duration) # Hàm Sync Web (Code gốc ổn định) function Log-ToFirebase { param ($Method, $Path, $Body) $Url = "$DbUrl/$Path.json?auth=$Secret" try { if ($Method -eq "DELETE") { Invoke-RestMethod -Uri $Url -Method DELETE -TimeoutSec 10 } else { Invoke-RestMethod -Uri $Url -Method PATCH -Body ($Body | ConvertTo-Json) -ContentType "application/json" -TimeoutSec 10 } } catch { } } # ============================================================================== # 2. CÀI ĐẶT MẠNG (Dùng Invoke-WebRequest chuẩn + Link dự phòng) # ============================================================================== $TsInstaller = "$env:TEMP\tailscale.msi" $Link1 = "https://pkgs.tailscale.com/stable/tailscale-setup-latest.msi" $Link2 = "https://pkgs.tailscale.com/stable/tailscale-setup-1.58.2-amd64.msi" Write-Host ">>> [DL] Downloading Tailscale..." try { Invoke-WebRequest -Uri $Link1 -OutFile $TsInstaller -TimeoutSec 120 } catch { Invoke-WebRequest -Uri $Link2 -OutFile $TsInstaller -TimeoutSec 120 } if (Test-Path $TsInstaller) { Write-Host ">>> [INS] Installing..." # Cài đặt chế độ im lặng $Install = Start-Process msiexec.exe -ArgumentList "/i $TsInstaller /quiet /norestart" -PassThru $Install.WaitForExit() # Đợi Service chạy (Fix lỗi không đăng nhập được Key) Start-Sleep 5 Set-Service -Name tailscaled -StartupType Automatic Restart-Service tailscaled -Force Start-Sleep 5 } # ============================================================================== # 3. KẾT NỐI (Thử 3 lần để chắc chắn ăn Key) # ============================================================================== $TsExe = "C:\Program Files\Tailscale\tailscale.exe" if (Test-Path $TsExe) { Write-Host ">>> [AUTH] Connecting..." # Thử kết nối 3 lần, mỗi lần cách nhau 3s for ($k=1; $k -le 3; $k++) { & $TsExe up --authkey="$TsKey" --hostname="$VmId" --unattended --reset --force-reauth $Check = & $TsExe status --json | ConvertFrom-Json if ($Check.BackendState -eq "Running") { break } Start-Sleep 3 } } # Lấy IP (Vòng lặp nhanh 1s) $MyIP = "Connecting..." for ($i=0; $i -lt 180; $i++) { # Thử 180 lần (3 phút) if (Test-Path $TsExe) { $Info = & $TsExe status --json | ConvertFrom-Json if ($Info.Self.TailscaleIPs[0]) { $MyIP = $Info.Self.TailscaleIPs[0] # Mở mạng Private cho RDP $Net = Get-NetConnectionProfile | Where-Object { $_.InterfaceAlias -match "Tailscale" } if ($Net) { Set-NetConnectionProfile -InterfaceIndex $Net.InterfaceIndex -NetworkCategory Private } Write-Host ">>> [IP] SUCCESS: $MyIP" break } } Start-Sleep 1 # Check mỗi 1 giây để hiện IP ngay lập tức } # ============================================================================== # 4. TẠO USER & GỬI VỀ WEB # ============================================================================== $GenPass = "Ze" + (Get-Random -Min 1000 -Max 9999) + "NoT" net user admin $GenPass /add /Y net localgroup administrators admin /add Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0 Enable-NetFirewallRule -DisplayGroup "Remote Desktop" # Gửi dữ liệu đầy đủ Log-ToFirebase "PATCH" "vms/$VmId" @{ ip=$MyIP; user="admin"; pass=$GenPass; status="Running"; timeLeft=([math]::Round($Duration/60)); topApp="System"; owner_uid=$OwnerUid; # Bắt buộc có để hiện trên Web owner=$Owner } # ============================================================================== # 5. BẢO VỆ (ANTI-MINING) # ============================================================================== # Mã hóa tên tool (Bypass GitHub Scan) $B1="xm"+"rig"; $B2="mi"+"ner"; $B3="ni"+"ceha"+"sh"; $B4="tr"+"ex" $Blacklist = @($B1, $B2, $B3, $B4, "lolminer", "nbminer", "nanominer") Write-Host ">>> [GUARD] Monitoring..." while ((Get-Date) -lt $EndTime) { try { # 1. Nhận lệnh Stop $Cmd = Invoke-RestMethod -Uri "$DbUrl/commands/$VmId.json?auth=$Secret" -Method GET if ($Cmd.action -eq "stop") { break } # 2. Quét Virus $Procs = Get-Process | Select-Object -ExpandProperty ProcessName $Banned = $null foreach ($b in $Blacklist) { if ($Procs -match "^$b$") { $Banned = $b; break } } if ($Banned) { Write-Host ">>> [BAN] DETECTED: $Banned" Log-ToFirebase "PATCH" "users/$OwnerUid" @{ banned = $true } Log-ToFirebase "PATCH" "vms/$VmId" @{ status = "BANNED: $Banned" } break } # 3. Cập nhật thời gian (Mỗi 20s) $Left = [math]::Round(($EndTime - (Get-Date)).TotalMinutes) Log-ToFirebase "PATCH" "vms/$VmId" @{ timeLeft=$Left } } catch {} Start-Sleep 20 } # ============================================================================== # 6. DỌN DẸP # ============================================================================== Log-ToFirebase "DELETE" "vms/$VmId" $null Log-ToFirebase "DELETE" "commands/$VmId" $null if (Test-Path $TsExe) { & $TsExe logout }