How to Hack from a RAM Disk
by Nv
It's a known fact that the script kiddies get the press. Legit hackers know enough to keep from getting caught.
Here's some info so I don't have to read about newbies in the news and then watch as knee-jerk politicians take away privacy rights.
The first rule of hacking is don't get caught. This means don't be traceable. I'll let you figure out how to get an anonymous (not traceable to you) IP address.
Access the Internet or targeted network from a public phone location (not traceable to you). This may be a hotel lobby, public library, airport, etc. Basically anywhere there is a phone jack (with a dial tone) where you can jack in without any suspicion. (This will require a laptop unless you have an ultra portable desktop and CRT.)
You may follow these steps only to be caught red-handed by what is on your computer. The reality is that data on a hard drive, floppy drive, Zip drive, etc. is nearly impossible to erase. Deleting a file and "emptying the Recycle Bin" is only security for the lamest of lamers.
Realistically, overwriting the file many times (shredding), defragging the disk, etc. still allows the file information to be recovered with microscopy. Even encryption is not secure, as often the swap file and slack space on the disk are unencrypted. Now you understand why even the U.S. Navy resorted to "hammers and hatchets" to destroy data during the U.S./China spy plane ordeal last April.
So what to do? Simple, don't store implicating data on hard drives, floppy drives, etc. Store your hacking tools, data, and swap file in volatile memory. Yes, good old RAM. This way if the Feds track you down to seize your computer, you can erase all your actions by pulling the plug (or hitting the power button). In addition, when the Feds boot your computer, the BIOS memory check further ensures your tracks are covered.
Now if you run Linux, you can load the OS and all hacking programs, etc. directly to a RAM disk from an image on CD.
However, if you don't know a Korn shell from a cornholio, you've got to use Windows. Windows is currently not able to load from a RAM disk, so you must boot to the hard drive and then ensure the swap file, implicating programs, and logs are stored on the RAM disk.
A good (free) RAM disk program to use is RAMDisk9x/Me located at www.cenatek.com. There is also a version for Windows NT/2000/XP. The folks at Cenatek are currently working on a hardware based RAM disk called the Rocket Drive which will boot and run Windows without a hard disk (first quarter of 2002).
Once you've downloaded and installed RAMDisk9x/Me, you need to transfer your swap file to the RAM disk. Go to the Control Panel -> System -> Performance -> Virtual Memory. Here you can redirect your virtual memory to the RAM disk drive letter. After the system reboots, ensure that the WIN386.SWP file is on the RAM disk.
Next, redirect your environment variables to the RAM disk. To do so, add these lines to your AUTOEXEC.BAT or type them in at a command prompt.
MD Y:\TEMP
SET TMP=Y:\TEMP
SET TEMP=Y:\TEMP

Where Y: is the drive letter of your RAM disk.
Now copy all your canned hack exploits onto the RAM drive and then throw away the CD. If you're really paranoid, you can torch/incinerate the CD. I've heard nuking the CD in a microwave is not 100 percent successful in destroying the data (and it stinks!).
Remember, if your hacking programs or utilities have log files, make sure they are configured to be stored on the RAM disk as well.
Finally, you may want to set your Internet cache, cookies, temp files, etc. to the temporary directory on the RAM disk (to hide your surfing).
To accomplish this, copy the following into WordPad:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths\Cookies]
"Directory"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths\History]
"Directory"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1]
"CachePath"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2]
"CachePath"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3]
"CachePath"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4]
"CachePath"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Extensible Cache\MSHist011999032319990324]
"CachePath"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content]
"CachePath"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Cookies]
"CachePath"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\History]
"CachePath"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
"Directory"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\UrlHistory]
"Directory"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePath"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePath"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePath"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist011999032319990324]
"CachePath"="y:\\TEMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist011999092319990924]
"CachePath"="y:\\TEMP"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache"="y:\\TEMP"
"Cookies"="y:\\TEMP"
"History"="y:\\TEMP"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Cache"="y:\\TEMP"
"Cookies"="y:\\TEMP"
"History"="y:\\TEMP"

Then click Edit -> Replace and change the y: to the letter of your RAM disk.
Save the file as ramdisk.reg. Now right-click the ramdisk.reg and click Merge. This will make all the changes in the Registry.
Note: Back up your Registry first by running scanreg from the command prompt (Windows 98).
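Seen from the examiner's side, these same registry values record where the browser artifacts were sent. The following added example (not part of the original article) parses a REGEDIT4 export and lists cache, cookie and history paths that point off the system drive; the function names, the C: default and the sample export are assumptions constructed for illustration.

```python
import re

# Value names the article's .reg file uses to relocate browser artifacts.
WATCHED = {"directory", "cachepath", "cache", "cookies", "history"}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')

def parse_reg(text):
    """Yield (key, value_name, data) from REGEDIT4 text; string values only."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            # .reg files escape backslashes, so "y:\\TEMP" means y:\TEMP
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")

def relocated_paths(text, system_drive="C"):
    """Return watched entries whose path is on a drive other than system_drive."""
    hits = []
    for key, name, data in parse_reg(text):
        if name.lower() not in WATCHED:
            continue
        drive = re.match(r"^([A-Za-z]):", data)
        if drive and drive.group(1).upper() != system_drive.upper():
            hits.append((key, name, data))
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content]
"CachePath"="y:\\TEMP"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache"="C:\\WINDOWS\\Temporary Internet Files"
"Cookies"="y:\\TEMP"
"Desktop"="C:\\WINDOWS\\Desktop"
'''

if __name__ == "__main__":
    for key, name, data in relocated_paths(SAMPLE):
        print(f"{name} -> {data}  [{key}]")
```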
You are now ready to hack/be anonymous. Just remember where the power plug is!
Oh yeah, one last benefit to using a RAM disk: It is fast. You also don't have to listen to your hard drive.