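# Provisions a temporary remote-desktop session on a Windows CI runner:
# installs Tailscale, joins the tailnet, creates a local administrator account,
# enables RDP, publishes the connection details to a Firebase Realtime Database,
# then watches the process list until the session expires or is stopped.
#
# Parameters:
#   Owner     - not referenced anywhere in this script.
#   OwnerUid  - key under users/ that is flagged banned when a miner is detected.
#   TsKey     - Tailscale auth key passed to `tailscale up`.
#   Duration  - session length in seconds.
#   VmId      - key under vms/ and commands/, also used as the Tailscale hostname.
#   DbUrl     - base URL of the Firebase Realtime Database.
# Environment:
#   FIREBASE_SECRET - credential appended as ?auth= to every database request.
#
# NOTE(review): the account created below is a local administrator and its
# credentials are handed out through the database. Treat every secret that
# reaches this host (the database credential held by this process, the
# Tailscale key on the command line) as readable by whoever receives that
# login: scope the database credential to this VM's paths and use an
# ephemeral, single-use Tailscale key.
# NOTE(review): VmId and OwnerUid are interpolated into database paths without
# validation; the caller should constrain them to a known-safe character set.
param (
    [string]$Owner,
    [string]$OwnerUid,
    [string]$TsKey,
    [string]$Duration,
    [string]$VmId,
    [string]$DbUrl
)

# The script is best-effort by design; failures are reported with Write-Warning
# in the catch blocks below instead of aborting the run.
$ErrorActionPreference = "SilentlyContinue"
$ProgressPreference = 'SilentlyContinue'

$Secret = $env:FIREBASE_SECRET
# Child processes started below (msiexec, tailscale, net) do not need the
# database credential, so drop it from the inherited environment.
Remove-Item Env:\FIREBASE_SECRET -ErrorAction SilentlyContinue

# A non-numeric Duration yields a zero-length session instead of a null end time.
$DurationSec = 0
try { $DurationSec = [int]$Duration } catch { Write-Warning "Duration is not a number; using 0 seconds" }
$EndTime = (Get-Date).AddSeconds($DurationSec)

# Fix file download errors on GitHub Actions (TLS 1.2)
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Writes to (PATCH) or deletes (DELETE) the node at $Path in the database.
#   $Method - "DELETE" removes the node; any other value sends a PATCH.
#   $Path   - node path relative to $DbUrl, without the .json suffix.
#   $Body   - hashtable serialised to JSON for PATCH; ignored for DELETE.
# NOTE(review): the credential travels in the query string, so it can surface
# in proxy or server logs; prefer a short-lived token if the backend allows it.
function Log-ToFirebase {
    param ($Method, $Path, $Body)

    $Url = "$DbUrl/$Path.json?auth=$Secret"
    try {
        # The response is discarded: a PATCH echoes the written fields, which
        # would otherwise print the generated password into the job log.
        if ($Method -eq "DELETE") {
            Invoke-RestMethod -Uri $Url -Method DELETE -TimeoutSec 10 -ErrorAction Stop | Out-Null
        } else {
            $Json = $Body | ConvertTo-Json
            Invoke-RestMethod -Uri $Url -Method PATCH -Body $Json -ContentType "application/json" -TimeoutSec 10 -ErrorAction Stop | Out-Null
        }
    } catch {
        # Only the exception type is logged so the URL (and its credential)
        # never reaches the log.
        Write-Warning "Firebase $Method $Path failed: $($_.Exception.GetType().Name)"
    }
}

# Builds the password for the temporary account: the fixed "Zun" prefix, then
# $RandomLength alphanumeric characters and one digit, all drawn from the
# system cryptographic random number generator.
function New-SessionPassword {
    param ([int]$RandomLength = 16)

    $Alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    # Bytes at or above this limit are discarded so the modulo stays unbiased.
    $Limit = 256 - (256 % $Alphabet.Length)
    $Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $Buf = New-Object byte[] 1
    $Chars = New-Object System.Text.StringBuilder
    try {
        while ($Chars.Length -lt $RandomLength) {
            $Rng.GetBytes($Buf)
            if ($Buf[0] -lt $Limit) {
                [void]$Chars.Append($Alphabet[$Buf[0] % $Alphabet.Length])
            }
        }
        # The trailing digit plus the mixed-case prefix guarantees three
        # character classes for password-complexity policies.
        do { $Rng.GetBytes($Buf) } while ($Buf[0] -ge 250)
        [void]$Chars.Append([string]($Buf[0] % 10))
    } finally {
        $Rng.Dispose()
    }
    return "Zun" + $Chars.ToString()
}

# --- 1. SETUP TAILSCALE ---
$TsInstaller = "$env:TEMP\tailscale.msi"
$TsUrl = "https://pkgs.tailscale.com/stable/tailscale-setup-latest.msi"
$TsUrlBackup = "https://pkgs.tailscale.com/stable/tailscale-setup-1.58.2-amd64.msi"

foreach ($Candidate in @($TsUrl, $TsUrlBackup)) {
    try {
        Invoke-WebRequest -Uri $Candidate -OutFile $TsInstaller -TimeoutSec 60 -UseBasicParsing -ErrorAction Stop
        break
    } catch {
        Write-Warning "Tailscale download failed: $Candidate"
        # Do not leave a truncated file behind for the install step.
        Remove-Item -Path $TsInstaller -Force -ErrorAction SilentlyContinue
    }
}

if (Test-Path $TsInstaller) {
    # The installer runs elevated, so refuse anything without a valid
    # Authenticode signature. 'Valid' only proves that some trusted publisher
    # signed the file; also compare the signer certificate subject with the
    # expected publisher once that value has been confirmed.
    $Sig = Get-AuthenticodeSignature -FilePath $TsInstaller
    if ($Sig -and $Sig.Status -eq 'Valid') {
        # The path is quoted so a TEMP directory containing spaces still works.
        Start-Process msiexec.exe -ArgumentList "/i `"$TsInstaller`" /quiet /norestart" -Wait
        # NOTE(review): confirm that "tailscaled" is the service name on Windows.
        Restart-Service tailscaled -Force
        Start-Sleep -Seconds 10
    } else {
        Write-Warning "Tailscale installer signature is not valid; skipping install"
        Remove-Item -Path $TsInstaller -Force -ErrorAction SilentlyContinue
    }
}

$TsPath = "C:\Program Files\Tailscale\tailscale.exe"
if (Test-Path $TsPath) {
    # NOTE(review): the auth key is visible in this process's command line
    # while the command runs.
    & $TsPath up --authkey="$TsKey" --hostname="$VmId" --unattended --reset --force-reauth
}

# --- 2. GET IP ---
# Despite its name, $PublicIP holds the first Tailscale address of this node.
$PublicIP = $null
for ($i = 0; $i -lt 45; $i++) {
    if (Test-Path $TsPath) {
        $Status = (& $TsPath status --json | Out-String) | ConvertFrom-Json
        $FirstIp = $null
        if ($Status -and $Status.Self -and $Status.Self.TailscaleIPs) {
            $FirstIp = @($Status.Self.TailscaleIPs)[0]
        }
        if ($FirstIp) {
            $PublicIP = $FirstIp
            $Net = Get-NetConnectionProfile | Where-Object { $_.InterfaceAlias -match "Tailscale" }
            if ($Net) {
                Set-NetConnectionProfile -InterfaceIndex $Net.InterfaceIndex -NetworkCategory Private
            }
            break
        }
    }
    Start-Sleep -Seconds 2
}
if (!$PublicIP) { $PublicIP = "Error-No-IP" }

# --- 3. CONFIG SYSTEM ---
# The previous "Zun" + four digits scheme allowed only 9000 possible passwords.
$GenPass = New-SessionPassword
# /Y answers the confirmation prompt that `net user` shows for long passwords.
# NOTE(review): the password is briefly visible in the command line of net.exe.
net user admin $GenPass /add /Y
net localgroup administrators admin /add

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
# NOTE(review): this enables the whole "Remote Desktop" rule group and is not
# limited to the Tailscale interface; confirm that is the intended exposure.
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

# NOTE(review): the password is stored in clear text under vms/<VmId>; the
# database rules must limit reads of that node to the session owner.
Log-ToFirebase "PATCH" "vms/$VmId" @{
    ip       = $PublicIP
    user     = "admin"
    pass     = $GenPass
    status   = "Active"
    timeLeft = ([math]::Round($DurationSec / 60))
    topApp   = "System"
}

# --- 4. STRICT MONITORING (ANTI-MINING) ---
# Extended blocklist of miner process names.
# NOTE(review): this is an exact, case-insensitive match on the process name
# only, so it is a coarse signal; pair it with CPU-usage or network-based
# detection where stronger assurance is needed.
$Blacklist = @("xmrig", "minerd", "cgminer", "ethminer", "nicehash", "trexminer", "phoenixminer", "lolminer", "nbminer", "teamredminer", "srbminer", "danila-miner", "cpuminer")

while ((Get-Date) -lt $EndTime) {
    # Check for a stop command from the admin. This poll has its own try block
    # so that a database outage cannot skip the process scan below.
    $StopRequested = $false
    try {
        $Cmd = Invoke-RestMethod -Uri "$DbUrl/commands/$VmId.json?auth=$Secret" -Method GET -TimeoutSec 10 -ErrorAction Stop
        if ($Cmd.action -eq "stop") { $StopRequested = $true }
    } catch {
        Write-Warning "Command poll failed: $($_.Exception.GetType().Name)"
    }
    if ($StopRequested) { break }

    # --- SCAN ALL PROCESSES ---
    $DetectedMiner = $null
    try {
        # Names of every running process.
        $AllProcesses = Get-Process | Select-Object -ExpandProperty ProcessName
        # Compare against the blocklist and stop at the first hit.
        foreach ($miner in $Blacklist) {
            if ($AllProcesses -contains $miner) {
                $DetectedMiner = $miner
                break
            }
        }
    } catch {
        Write-Warning "Process scan failed: $($_.Exception.GetType().Name)"
    }

    if ($DetectedMiner) {
        Write-Host "PHÁT HIỆN ĐÀO COIN: $DetectedMiner"
        # 1. Ban the user immediately.
        Log-ToFirebase "PATCH" "users/$OwnerUid" @{ banned = $true }
        # 2. Report the machine status. The cleanup section deletes this node
        #    right afterwards, so the ban flag on the user is the durable record.
        Log-ToFirebase "PATCH" "vms/$VmId" @{ status = "BANNED: $DetectedMiner" }
        # 3. Tear the machine down now.
        break
    }

    # Routine update: remaining minutes and the process with the most CPU time.
    try {
        $TopProc = Get-Process | Sort-Object CPU -Descending | Select-Object -First 1
        $TimeLeft = [math]::Round(($EndTime - (Get-Date)).TotalMinutes)
        Log-ToFirebase "PATCH" "vms/$VmId" @{ timeLeft = $TimeLeft; topApp = $TopProc.ProcessName }
    } catch {
        Write-Warning "Status update failed: $($_.Exception.GetType().Name)"
    }

    # Scan every 15 seconds.
    Start-Sleep -Seconds 15
}

# --- 5. CLEANUP ---
# Removes the published connection record and any pending command, then
# leaves the tailnet. The local account and the RDP settings are left as they
# are; this relies on the runner being discarded after the job.
Log-ToFirebase "DELETE" "vms/$VmId" $null
Log-ToFirebase "DELETE" "commands/$VmId" $null
if (Test-Path $TsPath) {
    & $TsPath logout
}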