Home 零对冲(ZeroHedge)每日HackerNews

该死的易受攻击的MCP服务器
Damn Vulnerable MCP Server

原始链接: https://github.com/harishsg993010/damn-vulnerable-MCP-server

Damn Vulnerable Model Context Protocol (DVMCP) 是一个故意设计为存在漏洞的模型上下文协议 (MCP) 实现,用于教育目的。它展示了 MCP 实现中常见的安全漏洞,例如提示注入、工具中毒和不安全的访问控制。 DVMCP 提供了 10 个挑战,分为简单、中等和困难三个难度级别,演示了各种攻击媒介。这些攻击媒介范围从基本的利用,例如注入恶意提示和利用过于宽松的工具范围,到更复杂的攻击,例如拔地跑攻击、工具隐藏以及恶意代码执行和远程访问控制。该项目包含详细的文档,包括设置说明、挑战描述和解决方案指南。 DVMCP 的目标是教育安全研究人员、开发人员和人工智能安全专业人员关于 MCP 服务器中潜在的安全风险以及如何减轻这些风险,强调安全开发实践的重要性。务必仅将此项目用于教育目的,切勿在生产环境中实现此处展示的漏洞。

Hacker News 最新 | 过去 | 评论 | 提问 | 展示 | 招聘 | 提交 登录 Damn Vulnerable MCP Server (github.com/harishsg993010) 20 分,来自 mrxhacker99,1 小时前 | 隐藏 | 过去 | 收藏 | 讨论 加入我们,参加 6 月 16-17 日在旧金山举办的 AI 初创公司学校! 指导原则 | 常见问题 | 列表 | API | 安全 | 法律 | 申请 YC | 联系我们 搜索:
相关文章
  • Show HN:MCP-Shield——检测MCP服务器的安全问题 2025-04-15
  • GitMCP:将任何GitHub项目转换为MCP端点 2025-04-07
  • MCP 的一切问题 2025-04-14
  • MCP中的“S”代表安全。 2025-04-06
  • OpenAI 为 Agents SDK 添加了 MCP 支持。 2025-03-26
    • 原文

    A deliberately vulnerable implementation of the Model Context Protocol (MCP) for educational purposes.

    The Damn Vulnerable Model Context Protocol (DVMCP) is an educational project designed to demonstrate security vulnerabilities in MCP implementations. It contains 10 challenges of increasing difficulty that showcase different types of vulnerabilities and attack vectors.

    This project is intended for security researchers, developers, and AI safety professionals to learn about potential security issues in MCP implementations and how to mitigate them.

    The Model Context Protocol (MCP) is a standardized protocol that allows applications to provide context for Large Language Models (LLMs) in a structured way. It separates the concerns of providing context from the actual LLM interaction, enabling applications to expose resources, tools, and prompts to LLMs.

    CLINE - VSCode Extension refer this https://docs.cline.bot/mcp-servers/connecting-to-a-remote-server for connecting CLine with MCP server

    once you have cloned the repository, run the following commands:

docker build -t dvmcp .
docker run -p 9001-9010:9001-9010 dvmcp

    While MCP provides many benefits, it also introduces new security considerations. This project demonstrates various vulnerabilities that can occur in MCP implementations, including:

    1. Prompt Injection: Manipulating LLM behavior through malicious inputs
    2. Tool Poisoning: Hiding malicious instructions in tool descriptions
    3. Excessive Permissions: Exploiting overly permissive tool access
    4. Rug Pull Attacks: Exploiting tool definition mutations
    5. Tool Shadowing: Overriding legitimate tools with malicious ones
    6. Indirect Prompt Injection: Injecting instructions through data sources
    7. Token Theft: Exploiting insecure token storage
    8. Malicious Code Execution: Executing arbitrary code through vulnerable tools
    9. Remote Access Control: Gaining unauthorized system access
    10. Multi-Vector Attacks: Combining multiple vulnerabilities
    damn-vulnerable-mcs/
├── README.md                 # Project overview
├── requirements.txt          # Python dependencies
├── challenges/               # Challenge implementations
│   ├── easy/                 # Easy difficulty challenges (1-3)
│   │   ├── challenge1/       # Basic Prompt Injection
│   │   ├── challenge2/       # Tool Poisoning
│   │   └── challenge3/       # Excessive Permission Scope
│   ├── medium/               # Medium difficulty challenges (4-7)
│   │   ├── challenge4/       # Rug Pull Attack
│   │   ├── challenge5/       # Tool Shadowing
│   │   ├── challenge6/       # Indirect Prompt Injection
│   │   └── challenge7/       # Token Theft
│   └── hard/                 # Hard difficulty challenges (8-10)
│       ├── challenge8/       # Malicious Code Execution
│       ├── challenge9/       # Remote Access Control
│       └── challenge10/      # Multi-Vector Attack
├── docs/                     # Documentation
│   ├── setup.md              # Setup instructions
│   ├── challenges.md         # Challenge descriptions
│   └── mcp_overview.md       # MCP protocol overview
├── solutions/                # Solution guides
└── common/                   # Shared code and utilities

    See the Setup Guide for detailed instructions on how to install and run the challenges.

    The project includes 10 challenges across three difficulty levels:

    1. Basic Prompt Injection: Exploit unsanitized user input to manipulate LLM behavior
    2. Tool Poisoning: Exploit hidden instructions in tool descriptions
    3. Excessive Permission Scope: Exploit overly permissive tools to access unauthorized resources
    1. Rug Pull Attack: Exploit tools that change their behavior after installation
    2. Tool Shadowing: Exploit tool name conflicts to override legitimate tools
    3. Indirect Prompt Injection: Inject malicious instructions through data sources
    4. Token Theft: Extract authentication tokens from insecure storage
    1. Malicious Code Execution: Execute arbitrary code through vulnerable tools
    2. Remote Access Control: Gain remote access to the system through command injection
    3. Multi-Vector Attack: Chain multiple vulnerabilities for a sophisticated attack

    See the Challenges Guide for detailed descriptions of each challenge.

    Solution guides are provided for educational purposes. It's recommended to attempt the challenges on your own before consulting the solutions.

    See the Solutions Guide for detailed solutions to each challenge.

    This project is for educational purposes only. The vulnerabilities demonstrated in this project should never be implemented in production systems. Always follow security best practices when implementing MCP servers.

    This project is licensed under the MIT License - see the LICENSE file for details.

    This project is created by Harish Santhanalakshmi Ganesan using cursor IDE and Manus AI.

    联系我们 contact @ memedata.com