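# Provisions a short-lived Windows VM session:
#   1. relaxes Defender and sets TLS 1.2,
#   2. downloads and installs Tailscale,
#   3. joins the tailnet and waits for a Tailscale IP,
#   4. creates a local administrator account and enables RDP,
#   5. polls Firebase for a stop command while checking process names against a blacklist,
#   6. removes the VM records from Firebase and logs out of Tailscale.
#
# Parameters:
#   Owner, OwnerUid - written to the VM record; OwnerUid also addresses users/<uid>.
#   TsKey           - Tailscale auth key used for `tailscale up`.
#   Duration        - session length in seconds.
#   VmId            - Tailscale hostname and key of the vms/ and commands/ records.
#   DbUrl           - base URL of the Firebase Realtime Database.
# Environment:
#   FIREBASE_SECRET - database secret appended to every REST call as ?auth=.
param (
    [string]$Owner,
    [string]$OwnerUid,
    [string]$TsKey,
    [string]$Duration,
    [string]$VmId,
    [string]$DbUrl
)

# ==============================================================================
# 1. OPTIMIZATION
# ==============================================================================
# Errors are suppressed script-wide, so every later step is best-effort and a
# failed step does not stop the run.
$ErrorActionPreference = "SilentlyContinue"
$ProgressPreference = 'SilentlyContinue'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Write-Host ">>> [INIT] Optimizing Performance..."
# NOTE(review): this switches off Defender real-time monitoring, IOAV protection
# and script scanning for the whole session, on a host that section 4 then opens
# to RDP logins with a local administrator. After this point the process-name
# check in section 5 is the only guard left. Confirm this is intended.
Set-MpPreference `
    -DisableRealtimeMonitoring $true `
    -DisableIOAVProtection $true `
    -DisableScriptScanning $true

$Secret = $env:FIREBASE_SECRET
$EndTime = (Get-Date).AddSeconds([int]$Duration)

# Sends one REST call to the Firebase Realtime Database.
#   $Method - "DELETE" deletes the node; any other value sends a PATCH.
#   $Path   - node path below $DbUrl (".json" is appended here).
#   $Body   - hashtable serialized to JSON for PATCH; ignored for DELETE.
# The secret travels in the query string, so $Url must never be printed.
# NOTE(review): $Path is interpolated as-is and callers build it from $VmId and
# $OwnerUid; presumably the orchestrator generates those - verify they cannot
# contain path separators.
function Log-ToFirebase {
    param ($Method, $Path, $Body)

    $Url = "$DbUrl/$Path.json?auth=$Secret"
    try {
        if ($Method -eq "DELETE") {
            Invoke-RestMethod -Uri $Url -Method DELETE -TimeoutSec 10
        } else {
            Invoke-RestMethod -Uri $Url -Method PATCH -Body ($Body | ConvertTo-Json) `
                -ContentType "application/json" -TimeoutSec 10
        }
    } catch {
        # Still best-effort, but no longer silent. Only the method is reported:
        # the URL carries the secret and is kept out of the log.
        Write-Warning ">>> [FB] $Method request failed"
    }
}

# ==============================================================================
# 2. INSTALL TAILSCALE
# ==============================================================================
$TsInstaller = "$env:TEMP\tailscale.msi"
$Link1 = "https://pkgs.tailscale.com/stable/tailscale-setup-latest.msi"
$Link2 = "https://pkgs.tailscale.com/stable/tailscale-setup-1.58.2-amd64.msi"

Write-Host ">>> [DL] Downloading Tailscale..."
try {
    Invoke-WebRequest -Uri $Link1 -OutFile $TsInstaller -TimeoutSec 120
} catch {
    # Fall back to the pinned release when the "latest" link fails.
    Invoke-WebRequest -Uri $Link2 -OutFile $TsInstaller -TimeoutSec 120
}

# The MSI is about to run elevated, so require a valid Authenticode signature
# first. This fails closed: a missing or unreadable signature skips the install.
# Comparing $Sig.SignerCertificate.Subject with the expected publisher would be
# a stronger check than "any valid signature".
$InstallerTrusted = $false
if (Test-Path $TsInstaller) {
    $Sig = Get-AuthenticodeSignature -FilePath $TsInstaller
    if ($Sig.Status -eq 'Valid') {
        $InstallerTrusted = $true
    } else {
        Write-Warning ">>> [DL] Installer signature is not valid ($($Sig.Status)); skipping install."
        Remove-Item -Path $TsInstaller -Force
    }
}

if ($InstallerTrusted) {
    Write-Host ">>> [INS] Installing..."
    # The path is quoted so a TEMP directory containing spaces does not split
    # the msiexec argument list.
    $Install = Start-Process msiexec.exe `
        -ArgumentList "/i `"$TsInstaller`" /quiet /norestart" -PassThru
    $Install.WaitForExit()
    Start-Sleep 5
    Set-Service -Name tailscaled -StartupType Automatic
    Restart-Service tailscaled -Force
    Start-Sleep 5
}

# ==============================================================================
# 3. CONNECT TAILSCALE
# ==============================================================================
$TsExe = "C:\Program Files\Tailscale\tailscale.exe"

if (Test-Path $TsExe) {
    Write-Host ">>> [AUTH] Connecting..."
    # Up to three attempts; stop as soon as the backend reports "Running".
    # NOTE(review): the auth key is passed as a command-line argument, so it is
    # visible to anything on the host that can read process command lines while
    # this runs.
    for ($k = 1; $k -le 3; $k++) {
        & $TsExe up --authkey="$TsKey" --hostname="$VmId" `
            --unattended --reset --force-reauth
        $Check = & $TsExe status --json | ConvertFrom-Json
        if ($Check.BackendState -eq "Running") { break }
        Start-Sleep 3
    }
}

# Wait up to 180 seconds for the first Tailscale IP; if none appears, the
# placeholder text below is what gets written to the VM record.
$MyIP = "Connecting..."
for ($i = 0; $i -lt 180; $i++) {
    if (Test-Path $TsExe) {
        $Info = & $TsExe status --json | ConvertFrom-Json
        if ($Info.Self.TailscaleIPs[0]) {
            $MyIP = $Info.Self.TailscaleIPs[0]

            # Put the Tailscale interface in the Private network category.
            $Net = Get-NetConnectionProfile |
                Where-Object { $_.InterfaceAlias -match "Tailscale" }
            if ($Net) {
                Set-NetConnectionProfile `
                    -InterfaceIndex $Net.InterfaceIndex `
                    -NetworkCategory Private
            }
            Write-Host ">>> [IP] SUCCESS: $MyIP"
            break
        }
    }
    Start-Sleep 1
}

# ==============================================================================
# 4. CREATE ADMIN USER
# ==============================================================================
# The password protects a local administrator that is reachable over RDP, so it
# is taken from the system CSPRNG (96 bits) instead of one of 8999 Get-Random
# values. The fixed affixes supply an upper-case letter, a lower-case letter and
# a digit, so a password complexity policy is met whatever the random part is.
$PassBytes = New-Object byte[] 12
$Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
    $Rng.GetBytes($PassBytes)
} finally {
    $Rng.Dispose()
}
$PassHex = -join ($PassBytes | ForEach-Object { $_.ToString("x2") })
$GenPass = "Ze" + $PassHex + "9NoT"

# /Y answers the confirmation prompt net.exe shows for passwords over 14 chars.
net user admin $GenPass /add /Y
net localgroup administrators admin /add

# Allow Remote Desktop connections and open the matching firewall rule group.
Set-ItemProperty `
    -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
    -Name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

# NOTE(review): the administrator password is stored in plaintext in the VM
# record. Verify the database rules let only the owner read vms/<VmId>.
Log-ToFirebase "PATCH" "vms/$VmId" @{
    ip        = $MyIP
    user      = "admin"
    pass      = $GenPass
    status    = "Running"
    timeLeft  = ([math]::Round($Duration / 60))
    topApp    = "System"
    owner_uid = $OwnerUid
    owner     = $Owner
}

# ==============================================================================
# 5. ANTI-MINING (CPU ONLY - FULL)
# ==============================================================================
# Process names (without extension) that mark the session as abusive.
# This is an exact-name match only, so it is a coarse signal, not a detection of
# mining behaviour.
# NOTE(review): "taskhostw" is also the name of a stock Windows process
# (taskhostw.exe). Matching on name alone will flag it and ban the owner;
# confirm this entry is intended.
$Blacklist = @(
    ("xm" + "rig"), "xmrig-amd", "xmrig-cpu", "xmrig-proxy",
    "cpuminer", "cpuminer-opt", "cpuminer-multi", "minerd",
    "verusminer", "hellminer", "yespower", "yescrypt",
    "randomx", "power2b", "argon2", "lyra2",
    "cpu-miner", "cryptominer", "coinminer", "coin-miner",
    "mining", "miner", "coinhive", "webminer",
    "silentminer", "stratum", "stratum-proxy", "miningproxy",
    "svchosts", "system32x", "winupdate", "taskhostw",
    "taskmgr32", "msdriver"
)

Write-Host ">>> [GUARD] CPU Anti-Mining Active..."

while ((Get-Date) -lt $EndTime) {
    try {
        # A bounded timeout keeps one stalled request from holding the loop
        # past $EndTime.
        $Cmd = Invoke-RestMethod `
            -Uri "$DbUrl/commands/$VmId.json?auth=$Secret" -Method GET -TimeoutSec 10
        if ($Cmd.action -eq "stop") { break }

        $Procs = Get-Process | Select-Object -ExpandProperty ProcessName

        # First blacklist entry that equals a running process name
        # (case-insensitive), or $null when nothing matches.
        $Banned = $null
        foreach ($b in $Blacklist) {
            if ($Procs -contains $b) {
                $Banned = $b
                break
            }
        }

        if ($Banned) {
            Write-Host ">>> [BAN] CPU MINER DETECTED: $Banned"
            Log-ToFirebase "PATCH" "users/$OwnerUid" @{ banned = $true }
            Log-ToFirebase "PATCH" "vms/$VmId" @{ status = "BANNED: $Banned" }
            break
        }

        $Left = [math]::Round(($EndTime - (Get-Date)).TotalMinutes)
        Log-ToFirebase "PATCH" "vms/$VmId" @{ timeLeft = $Left }
    } catch {
        # Deliberately best-effort: a failed poll must not end the session.
        # Nothing is printed because the request URL contains the secret.
    }
    Start-Sleep 20
}

# ==============================================================================
# 6. CLEANUP
# ==============================================================================
# Remove the VM and command records, then drop the node from the tailnet.
Log-ToFirebase "DELETE" "vms/$VmId" $null
Log-ToFirebase "DELETE" "commands/$VmId" $null
if (Test-Path $TsExe) { & $TsExe logout }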