We Grow on the Edge of the Abyss
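The author spent four days preparing for a Hack The Box CTF, trying to configure an MCP environment and working through several AI tools (Cursor IDE, 5ire, Claude Code), but could not reach the goal because the HTB token expired and because of technical problems. Even so, the author gained MCP experience and built a well-functioning Kali MCP environment. 2026-1-10 08:14:20 Author: infosecwriteups.com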

january1073

I started preparing my setup for the CTF four days before the event. When my environment, after several unsuccessful attempts, was finally up and running, the HTB token had expired and the CTF had closed — earlier than announced. Although I finally had to buy Anthropic tokens and, nevertheless, was not able to capture a single flag, I learned a lot about MCP and now have a running Kali MCP machine (and some Anthropic credit) ready for the next project. Roarrrrr!

Below are the steps I took and issues I faced, documented for learning and possible future improvement.

Environment

  • Host: 20NE001GGE (ThinkPad), CPU: AMD Ryzen 5 3500U, Memory: 13.5 GB, Swap: 13.89 GB
  • OS: Kali GNU/Linux Rolling (Linux 6.11.8-amd64)
  • Software: Cursor IDE (v0.42.3)

Setup

Step 1: Obtained and saved HTB MCP token

  • Navigated to https://ctf.hackthebox.com and logged in
  • Clicked on my profile icon → My Profile → MCP Access → Generate Token
  • Copied the token to my password manager

Step 2: Installed MCP-Kali-Server (v0.0~git20250113.8aa879b-0kali1)

git clone https://github.com/Wh0am123/MCP-Kali-Server.git
cd MCP-Kali-Server
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python3 kali_server.py

The server ran on 127.0.0.1:5000

Step 3: Configured Cursor IDE

Since Cursor was already installed on my machine, and you get a certain amount of free Anthropic tokens in Cursor’s free tier model, I first attempted to set up Cursor for the CTF:

Created ~/.cursor/mcp.json:

{
  "mcpServers": {
    "htb-mcp-ctf": {
      "url": "https://mcp.hackthebox.ai/v1/ctf/mcp/",
      "headers": {
        "Authorization": "Bearer [MY_HTB_TOKEN]"
      },
      "isActive": true
    },
    "kali_mcp": {
      "command": "/home/january1073/MCP-Kali-Server/venv/bin/python3",
      "args": [
        "/home/january1073/MCP-Kali-Server/mcp_server.py",
        "--server",
        "http://127.0.0.1:5000"
      ],
      "isActive": true
    }
  }
}

In Cursor, this led to JSON parsing errors with my MCP server configuration: “Unexpected non-whitespace character after JSON at position 4 (line 1 column 5)”.

The issue was that my Python MCP server was writing info/error messages to stdout instead of stderr. The server started and connected successfully: “Successfully connected to stdio server”, “CreateClient completed, server stored: true”. But then it was outputting log messages that corrupted the JSON-RPC stream.

I tried to circumvent this by amending the mcp_server.py. The key change was on line 13 where I replaced sys.stdout with logging.StreamHandler(sys.stderr). This should have ensured that all logging output goes to stderr, leaving stdout clean for the MCP JSON-RPC protocol. However, after this change, Cursor could not load the Python MCP tools anymore.
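Added example (not code from MCP-Kali-Server or the original post): a constructed stand-in server and client showing how a single log line on stdout breaks a newline-delimited JSON-RPC reader, and how sending logging to stderr keeps the stream clean. The server script, message contents and function names are hypothetical; with Python's default timestamp format the parse fails at offset 4, the same position the Cursor error reports.

```python
import json
import subprocess
import sys

# Constructed stand-in for a stdio MCP server: it logs one startup line,
# then answers a single JSON-RPC request on stdout.
SERVER_SRC = r'''
import json, logging, sys
stream = sys.stdout if sys.argv[1] == "stdout" else sys.stderr
logging.basicConfig(level=logging.INFO, stream=stream,
                    format="%(asctime)s [%(levelname)s] %(message)s")
logging.info("connecting to Kali API server")
request = json.loads(sys.stdin.readline())
reply = {"jsonrpc": "2.0", "id": request["id"], "result": {"tools": []}}
sys.stdout.write(json.dumps(reply) + "\n")
sys.stdout.flush()
'''

def run_client(log_target):
    """Spawn the server, send one request, parse every stdout line as JSON-RPC."""
    request = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/list"})
    proc = subprocess.run(
        [sys.executable, "-c", SERVER_SRC, log_target],
        input=request + "\n", capture_output=True, text=True, timeout=30,
    )
    messages, errors = [], []
    for line in proc.stdout.splitlines():
        try:
            messages.append(json.loads(line))
        except json.JSONDecodeError as exc:
            # Offset at which the parser gave up on the non-protocol line.
            errors.append((exc.pos, line))
    return messages, errors, proc.stderr

if __name__ == "__main__":
    for target in ("stdout", "stderr"):
        messages, errors, stderr_text = run_client(target)
        print(f"logging to {target}: {len(messages)} message(s), "
              f"{len(errors)} parse error(s)")
        for pos, line in errors:
            print(f"  parse failed at offset {pos}: {line!r}")
```

The year in the timestamp parses as a complete JSON number, so the reader fails on the first character after it; a strict client treats that as a corrupted stream even though the real reply follows on the next line.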

Since I only have mediocre Python skills, and no MCP experience at all, I decided to research another, if possible free-of-charge approach.

Step 4: 5ire (5ire-0.14.1-x86_64.AppImage)

I found this article by Jie Liau: https://jieliau.medium.com/let-mcp-help-your-offensive-security-6d8906423cac

Although this guide was written for a macOS host, I thought 5ire might be a good, free-of-charge alternative, particularly when using it with Google Gemini 2.0 Flash. I installed 5ire-0.14.1-x86_64.AppImage from https://5ire.app. The same JSON configuration that worked for Claude to connect with the Kali and HTB MCP servers (see above, Step 3) also worked for ~/.config/5ire/mcp.json.

Then I set up the Google Gemini API key and Gemini 2.0 Flash as default for 5ire, because this is free tier, only to learn that Gemini does not support MCP. As I said, I’m an MCP noob. Now I know.

Since I saw no other possible free options to participate in the CTF anymore, I bought $15 Anthropic credit, created an API key, saved it in my password manager, and turned back to 5ire. I set up the Anthropic API key and Claude Sonnet 4 (claude-sonnet-4-20250514) as default for 5ire and restarted it.

5ire was set to Claude Sonnet 4, but “thought” that it is 3.5 Sonnet:

Me: “hello, can you confirm you’re claude sonnet 4?”

5ire: “Hello! I’m Claude, an AI assistant created by Anthropic. I’m not Claude Sonnet 4 specifically — I’m Claude 3.5 Sonnet. There isn’t a “Claude Sonnet 4” model that I’m aware of.”

5ire connected Claude with Kali and HTB MCP servers, but could not properly interact:

5ire: “I can see that I have access to various cybersecurity tools through Hack The Box CTF functions and Kali Linux penetration testing tools. Is there something specific you’d like help with regarding CTF challenges or penetration testing?”

Me: “Please list all the MCP tools you have access to. Show me: 1. all HTB CTF tools and their functions, 2. all Kali Linux tools and their functions”

5ire (outputs all tools and functions)

Me: “use your kali tools to execute: nmap --version”

5ire (displays no output in the UI, only in the developer console): “error: text content blocks must be non-empty”

Me: “use your HTB tools to list all available CTF events”

5ire (displays no output in the UI, only in the developer console): “error: text content blocks must be non-empty”

The tools worked but the UI couldn’t render responses. Working with the developer console, however, was not a practical option. Since I already bought Anthropic credits, I finally switched to Claude Code. (Claude Desktop is — still — not available for Linux.)

Step 5: Claude Code (v0.2.50)

Claude Code finally worked. I followed its official documentation here (https://code.claude.com/docs/en/mcp) and also got a little help from Claude itself.

It was already Sunday night and I decided to take a nap so that I could use this running setup on Monday morning to capture at least 1 flag. According to the CTF info page, it would run until 12 AM UTC (1 PM locally). Enough time for 1 flag. I thought …

CTF Participation

Monday morning, at around 9 AM UTC, I started fresh with the following steps:

Step 1: Checked setup

Me: “What MCP tools do you have access to? List all tools from both htb-mcp-ctf and kali_mcp servers.”

Claude Code: “I have access to MCP tools from both servers. Here’s the complete list:

htb-mcp-ctf Server Tools:

CTF Event Management

  • list_ctf_events — Retrieves all CTF events
  • retrieve_ctf — Get detailed info about a specific CTF event (requires ctf_id)
  • retrieve_ctf_scores — Get team scores for a CTF event
  • retrieve_ctf_solves — Get all solves for a CTF event
  • retrieve_ctf_solves_for_team — Get solves for a specific team
  • retrieve_ctf_solves_for_challenge — Get solves for a specific challenge
  • join_ctf_event — Register a team for a CTF event

Team Management

  • retrieve_my_teams — Get teams associated with your account

Challenge Management

  • start_container — Start a challenge container
  • stop_container — Stop a challenge container
  • container_status — Check container status
  • get_download_link — Get temporary download link for challenge files (valid for 5 minutes)

Flag Submission

  • submit_flag — Submit a flag for a challenge

kali_mcp Server Tools:

Network & Web Scanning

  • nmap_scan — Port/service scanning
  • gobuster_scan — Directory/subdomain brute forcing
  • dirb_scan — Web content scanner
  • nikto_scan — Web server vulnerability scanner

Vulnerability Detection & Exploitation

  • sqlmap_scan — SQL injection scanner
  • wpscan_analyze — WordPress vulnerability scanner
  • metasploit_run — Metasploit module execution

Password Cracking & Authentication

  • hydra_attack — Network authentication brute forcing
  • john_crack — Password hash cracking

Enumeration

  • enum4linux_scan — Windows/Samba enumeration

System

  • server_health — Check Kali API server status
  • execute_command — Execute arbitrary commands on Kali server

Total: 13 HTB CTF tools + 11 Kali security tools = 24 MCP tools available

Both servers are properly configured and responding. Ready to help you with CTF challenges!”

Step 2: Primed agent

Me: “I’m participating in the HackTheBox Neurogrid CTF. You have access to:

  1. HTB MCP — for managing challenges, instances, and flag submissions
  2. Kali Linux MCP — for running security tools

IMPORTANT TOOLS YOU CAN USE:

  • Port scanning: nmap, rustscan, masscan
  • Directory discovery: gobuster, ffuf, feroxbuster, dirsearch
  • Web scanning: nikto, wpscan, whatweb
  • SQL injection: sqlmap
  • Password cracking: hydra, john, hashcat
  • Network: nc, curl, wget
  • Exploitation: metasploit (msfconsole), searchsploit

WORDLISTS AVAILABLE:

  • /usr/share/wordlists/dirb/common.txt
  • /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
  • /usr/share/wordlists/rockyou.txt (gunzip first)
  • /usr/share/seclists/* (entire SecLists collection)

WORKFLOW FOR EACH CHALLENGE:

  • Use HTB MCP to start the challenge instance
  • Get target IP/URL
  • Run nmap scan: nmap -sV -sC -p- <target>
  • Based on open ports, enumerate services
  • For web services: run gobuster and nikto
  • Identify vulnerabilities and exploit
  • Find flag and submit via HTB MCP
  • Document everything in ~/Downloads/htb_mcp_ctf/

RULES:

  • Always explain commands before running them
  • Save outputs to organized directories
  • Chain tools logically based on findings
  • Be thorough but efficient
  • Teach me as you work

Ready? Let’s start by listing all available Neurogrid challenges.”

Claude Code: “The HTB MCP authentication token in your configuration has expired.”

I was a bit surprised and double-checked: On HTB’s CTF webpage (https://ctf.hackthebox.com/event/details/neurogrid-ctf-the-ultimate-ai-security-showdown-2712) it said that the CTF would end on Nov 24, 2025, 12:00 UTC.

Screenshot 2: HTB CTF webpage

Me: “what day and time is it (UTC)?”

Claude Code: “It’s currently: Monday, November 24, 2025 at 09:30 AM UTC”

Me: “Is the HTB Neurogrid CTF still running?”

Claude Code: “CTF Status: Likely Ended”

For unknown reasons, the CTF ended already at 1:00 AM UTC — 11 hours earlier than announced.

I was a bit disappointed. After so much effort to set up my machine 😕

Learnings

This CTF journey, while not resulting in captured flags, became an unexpectedly valuable learning experience about AI-powered security tooling and the MCP ecosystem. Here are my key takeaways:

  • The setup is half the battle

I severely underestimated the time and complexity required to configure a functional MCP environment. What seemed like a straightforward “install and go” process turned into a multi-day troubleshooting adventure. The interplay between MCP servers, AI clients, and security tools requires careful attention to details like stdout/stderr separation, JSON-RPC protocol cleanliness, and proper authentication flows. Future CTF participants should allocate significant setup time before the event starts.

  • The MCP learning curve is real

Coming in as an “absolute MCP noob,” I discovered that MCP documentation, while improving, still assumes a certain baseline knowledge. The error messages were often cryptic (looking at you, “text content blocks must be non-empty”), and debugging required diving into developer consoles and log files. The silver lining: by the end, I understood JSON-RPC communication patterns, the importance of proper logging channels, and how AI agents interact with external tools.

  • Free tier limitations hit hard

My initial goal of completing the CTF without purchasing tokens proved unrealistic. Free tiers either don’t support MCP (Gemini) or have limitations that make serious security work impractical. The $15 Anthropic investment was necessary and, in retrospect, reasonable for the learning value gained. Future participants should budget for API costs from the start.

  • Tool fragmentation is frustrating

I attempted to use three different AI interfaces (Cursor IDE, 5ire, Claude Code) before finding one that worked properly. Each had different configuration formats, different limitations, and different failure modes. The lack of standardization in MCP client implementations added unnecessary friction to an already complex setup. Claude Code eventually worked well, but the journey to get there was exhausting.

  • The time crunch is real

Balancing a full-time job with CTF preparation meant working in fragmented evening sessions. This made it difficult to maintain context across troubleshooting sessions and led to some repeated mistakes. The “just a couple of hours in the evening” approach proved insufficient for both setup and actual challenge solving.

  • Early token expiration: a harsh lesson

The most frustrating moment was discovering that the CTF ended 11 hours earlier than advertised. After days of setup struggles, I finally had a working environment — only to find the door already closed. This taught me to always verify event timings from multiple sources and to join events early rather than waiting until the last minute.

What I’d Do Differently Next Time

  1. Start setup at least 1 week before the event
  2. Budget for API costs from day one
  3. Choose a single AI platform early and commit to it
  4. Join the CTF immediately when it opens, even if just to test connectivity
  5. Connect with the community earlier for troubleshooting help
  6. Document setup steps in real-time to avoid retracing failed paths

Despite the zero-flag outcome, I now have a battle-tested Kali MCP environment, practical MCP knowledge, and war stories to share. The next CTF won’t catch me unprepared. Bring it on!

Resources

Official documentation

Tools & repos

  • MCP-Kali-Server — MCP server for Kali Linux security tools by Wh0am123
  • Claude Code — Command-line AI assistant by Anthropic
  • 5ire — Multi-AI desktop application with MCP support
  • Cursor IDE — AI-powered code editor

Community resources

My Setup Files

  • Configuration examples and troubleshooting notes available on request

Special thanks to the HTB team for organizing this innovative CTF, and to the Anthropic team for creating the MCP protocol. Looking forward to the next AI-powered security challenge!

Reach out: https://guns.lol/january1073


Article source: https://infosecwriteups.com/we-grow-on-the-edge-of-the-abyss-67a61fd00ee0?source=rss----7b722bfd1b8d---4