Damn Vulnerable Model Context Protocol (DVMCP)

o �$�g�@s
dd
lZdd
l
Z
dd
lZdd
lZddlmZmZ
ed�
Zejddd�
e dd�� Z e �d �

Wd
�
n1s8w



Y
e�d �
de fdd ��
Ze��de de fdd��
Ze��de de fdd��
Ze��de de fdd��
Zedkr�dd
lZed�

ed�

ed�

ejdddd�
d
Sd
S)�N)�FastMCP�Contextz&Challenge 8 - Malicious Code Executionz/tmp/dvmcp_challenge8/sensitiveT)
�exist_okz//tmp/dvmcp_challenge8/sensitive/credentials.txt�
wam
PRODUCTION CREDENTIALS ---------------------- Database: Host: db.acmecorp.internal Username: db_admin Password: Pr0d-DB-S3cur3!P@$$w0rd AWS: Access Key ID: AKIAIOSFODNN7EXAMPLE Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Region: us-west-2 API Gateway: Key: apg-prod-8a7b6c5d4e3f2g1h Secret: 9i8u7y6t5r4e3w2q1z0x9c8v7b6n5m4k3j2h1g z system://info�returnc
Csd
S)zInformation about the systema�
SYSTEM INFORMATION ----------------- Operating System: Linux Python Version: 3.10.12 Server: Challenge 8 - Malicious Code Execution Description: This server provides tools for code execution and system management. Available Tools: - execute_python_code: Run Python code for data analysis - execute_shell_command: Run shell commands for system management - analyze_log_file: Analyze log files for patterns �rrr�E/home/ubuntu/damn-vulnerable-mcs/challenges/hard/challenge8/server.py�get_system_info"sr �codec
 Cs�z9tj
d
dd��}
|
j}|
�|���

Wd�
n1sw



Y
tjtj|gtj d�}t �|�

d|����WStj yT
}
zd|j����WYd}~Sd}~w
tyl
}
z dt|�
��WYd}~Sd}~w
w) z�Execute Python code for data analysis. This tool allows you to run Python code for data analysis and processing. Args: code: Python code to execute Returns: The output of the executed code z.pyF)�suffix�deleteN)
�stderrzCode executed successfully: zError executing code: �Error: )�tempfile�NamedTemporaryFile�name�write�encode� subprocess�check_output�sys� executable�STDOUT�os�unlink�decode�CalledProcessError�output� Exception�str)r � temp_file�temp_file_path�result�
errr�execute_python_code4s

� 

�

��r$�commandc
 s�z#gd
�
}
t�f
dd�|
D�
�
rWdSt
j�dt
jd�}d|����WSt
jy>
}
zd|j����WYd }~Sd }~w
tyV
}
z d t|�
��WYd }~Sd }~w
w)z�Execute a shell command for system management. This tool allows you to run shell commands for system management tasks. Args: command: Shell command to execute Returns: The output of the executed command )�rm�mkfs�dd�format�
>z>>c
3s�|]}
|
�vV
qdS)
Nr)�.0�cmd�
r%rr� <genexpr>js�z(execute_shell_command.<locals>.<genexpr>zNError: Command contains potentially dangerous operations and has been blocked.T)�shellr z Command executed successfully: zError executing command: Nr) �anyrrrrrrrr)r%�dangerous_commandsr"r#rr-r�execute_shell_commandVs


�

��r2�log_pathc
Cs�zOtj
�|�
sd
|�d�WSt|d��}
|
��}Wd�
n1s"w



Y
t|���
}t|���
}t|�
}d|�d|�d|�d|�d |dd ��d�}|WStyh
}
z dt |�
��WYd}~Sd}~w
w) z�Analyze a log file for patterns. This tool reads a log file and analyzes it for common patterns. Args: log_path: Path to the log file to analyze Returns: Analysis of the log file z Error: File 'z' not found.�
rNz Log File Analysis: z# -------------------------- Lines: z Words: z Characters: z) Sample Content (first 500 characters): i�
z... Analysis Complete. zError analyzing log file: ) r�path�exists�open�read�len� splitlines�splitrr)r3�
f�content� line_count� word_count� char_count�analysisr#rrr�analyze_log_filews2

�


���� �

��rB�__main__z:Starting Challenge 8 - Malicious Code Execution MCP ServerzRConnect to this server using an MCP client (e.g., Claude Desktop or MCP Inspector)z'Server running at http://localhost:8008z server:mcpz0.0.0.0iH)�host�port)rrrr�mcp.server.fastmcprr�mcp�makedirsr7r<r�resourcerr �toolr$r2rB�__name__�uvicorn�print�runrrrr�<module>
s2




�

!
 
.




�