I love to play HoMM3 on different maps created by the community. However, yesterday my computer was hacked, right after loading a map received from a colleague. He is rather a 101 wannabe hacker, so I don't think that he invented the exploit himself. After small inspection, I've found out what the vulnerability is and got it patched. Let's see if you can still hack me.
On the webpage, you may find HoMM3 Demo installer. The patched executable is named
h3demo.exe, while the original one is named
The server is running patched binary
- The keyboard is not available over VNC session, you may only use mouse (we are too afraid of strange GUIs in Windows).
- There is no network in the Virtual Machine, so don't try to create any kind of reverse shell.
- Flag is in
D:\flag.txton the remote machine.