MCP: Integrating Localhost with ChatGPT-5

It took me a while to write another blog since I’ve been caught up with other things, but this thing caught my attention.

That interest pushed me to try it myself by creating my own server on my machine. This post is a simple look at what got me started, but what truly is MCP?

MCP (Model Context Protocol) is an open-source standard for connecting AI applications to external systems.

Setup

To create and activate a Python virtual environment

python3 -m venv env
source env/bin/activate

Ensuring that all project dependencies are installed and run in an isolated space without affecting the system-wide Python setup.

Then, install MCP, its CLI tools, and uv, which are required to build and run MCP-based projects.

pip3 install mcp mcp[cli] uv

Create a simple MCP server using FastMCP that allows an AI to safely run approved system commands. It scans the system’s PATH to discover executable commands, registers a tool that can run those commands with arguments, captures their output, and returns the results in a structured format. When started, the server exposes this functionality, enabling controlled local command execution for automation and experimentation.

# server.py

from mcp.server.fastmcp import FastMCP
import subprocess
import os
import shutil

mcp = FastMCP("mcp_server", stateless_http=True)

def discover_all_commands():
    commands = {}

    paths = os.environ.get("PATH", "").split(":")

    for path in paths:
        if not os.path.isdir(path):
            continue

        try:
            for name in os.listdir(path):
                full_path = os.path.join(path, name)

                if (
                    os.path.isfile(full_path)
                    and os.access(full_path, os.X_OK)
                ):
                    commands.setdefault(name, full_path)
        except PermissionError:
            continue

    return commands

ALL_COMMANDS = discover_all_commands()

@mcp.tool()
def run_command(command: str, args: list[str] | None = None) -> dict:

    if command not in ALL_COMMANDS:
        raise ValueError(f"Command not found: {command}")

    cmd = [ALL_COMMANDS[command]] + (args or [])

    result = subprocess.run(
        cmd,
        capture_output=True,
        text=True,
        timeout=60,
    )

    return {
        "command": command,
        "args": args or [],
        "path": ALL_COMMANDS[command],
        "stdout": result.stdout,
        "stderr": result.stderr,
        "returncode": result.returncode,
    }

if __name__ == "__main__":
    print(f"MCP server running with {len(ALL_COMMANDS)} discovered commands")
    mcp.run()

Run the script

mcp run server.py -t sse

this starts the server using SSE, allowing it to stream results to the client in real time instead of sending a single response.

Expose your local server running on port 8000 to the internet using ngrok, making it accessible from outside your machine for testing or remote access. If you encounter an “Invalid Host Header” error, supply this flag to match your local upstream service.

ngrok http 8000 --host-header=rewrite

Check it in browser and go to /sse, making sure there is no error status code you encounter.

Now, go to the ChatGPT settings, enable Developer Mode, and create an app. Make sure to correctly copy the server URL with the /sse endpoint. You may see a warning that attackers could steal data from your instance because the authentication used is No Auth. As a best practice, use OAuth for authentication in your app.

As you can see, we are already connected to the server, and it lists all the tools/actions you’ve set up in the script. In this case, there is one function named run_command, which fetches all available commands on our machine without an allow list.

Testing

So, to test, select the application and run the tools command; this should list the actions you’ve configured.

You can use the run_command function or simply a Linux-specific command.

Or you can use a phrase, but make sure to be detailed and specific in your prompt.

Now we can execute all the commands available on our local machine. It feels like having a remote shell from another machine! >_< To better test the performance, I'd like to utilize this to a web CTF challenge from HackTheBox. This challenge is marked as 'Easy,' so I think this agent should be able to solve it easily.

It performs a code review of all files downloaded from the challenge, walking through all the code and scripts to explain each one

Sometimes it will throw out a wrong interpretation, solution, or explanation. So, be patient and feed it detailed, specific prompts to help it better understand what the challenge is like. HUMANS ARE BETTER THAN AI!!!!!!!!!!

In the end, it leads to a better solution and provides a walkthrough based on the prompt. It gives step-by-step instructions for the flag, but since ChatGPT can't execute them alone, it still needs human interaction.

References

Previouswhoami NextSky Recon: Drone Hacking

Last updated 1 month ago

hashtagSetup

hashtagTesting

hashtagReferences

Setup

Testing

References