Initial commit: HPR Knowledge Base MCP Server

- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

hpr_transcripts/hpr0179.txt

@@ -0,0 +1,102 @@
+Episode: 179
+Title: HPR0179: Hack This Site
+Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0179/hpr0179.mp3
+Transcribed: 2025-10-07 12:58:49
+
+---
+
+So
+Welcome to this episode of Hanging Public Radio with Mizook.
+Today I'm going to talk about a website that I really should spend more time on, but generally
+don't.
+The website is called HEC, this site, www.hackthiscite.org.
+That's Hotel Alpha Charlie Kilo Tango Hotel, India, Sierra, Sierra, India, tango, echo, dot,
+Oscar Romeo Golf.
+To read the blurb at the front, HEC, this site is a free, safe and legal training ground for
+HEC to test and expand their hacking skills.
+More than just another HEC or wall game site, we're a living breathing community with many
+active products and development with the vast selection of blah blah blah stuff.
+Anyway, basically they have a bunch of things.
+They do various challenges and they have various lectures and articles and news and information
+and stuff.
+The challenges here, they have the basic missions, realistic missions, application, programming
+logic, extended basic JavaScript and Stego missions.
+If I click on the basic missions and load it up and see what I've got, these are the very basic
+just easy into some of these things.
+And the idea is that they've created sites on their server with certain vulnerabilities
+and you have to exploit those vulnerabilities to actually get it.
+I'm going to do something you shouldn't do. I'm going to actually explain how to the
+first basic mission, this is really, really simple.
+And if you can't do this one, then you shouldn't be doing the site.
+But you can click on the first basic mission and it loads, you're up and it says,
+yeah, basically test your skills to see if you can do any of these missions, requirements, HTML.
+So it loads a page up here and says, this level is what we call the idiot test.
+If you can't complete it, don't give up learning all you can but don't go begging to
+someone else for the answer. That's one way to get you hated.
+Make follow up, enter the password and you can continue so it has a password box.
+And the standard thing and most of these ones is to right-click and view the page source.
+And you see what exactly they're doing and you can see what the box is so we can look at all this stuff.
+And in this case, we can search for password box.
+And if you find, you'll find the bit here, you see a form action and a method post and
+put password, name password and put some blah, blah, blah.
+Anyway, you have the bit there and it should be fairly obvious what the password is.
+Not actually going to give it out.
+But if you're following on, you basically you figure it out by now.
+So you can put that in submit and then it says congrats.
+You've completed the basic one again.
+Well, for you guys, it won't.
+It'll just say you've congratulated you for completing the basic one.
+Here's 10 points or something. You have points and you can see how high you go out.
+The basic, extended basic, realistic JavaScript missions are all about.
+Websites JavaScript are all JavaScript-based.
+The basic, pretty much looking at the source code fixes out on the realistic group.
+A bit more interesting.
+Application missions are working on actual applications.
+Here's an application.
+Crack the password on it kind of thing.
+The programming missions are, you have to bridge programs to do stuff.
+The logic missions, the logic missions are weird.
+They're the sort of logic puzzles, almost 55 pence in two coins.
+One of them is not a 50 pence piece.
+One of the two coins.
+And of course, the answer is the two coins are 50 pence piece and a 5 pence piece, I said.
+One of them is not the other one, but 50 pence.
+That kind of thing, logically, you have to think exactly what they say.
+One of them is, gives you a person to see what's their password.
+I think it's really fun.
+I really don't go on as much as I should.
+And I don't do it as much as I should.
+So I've got an account.
+This is actually a really old one before I started using the word Zook.
+I'm toying with the idea of actually restarting Zookup on here and do it.
+Anyway.
+But my rank is printer.
+So I have 1,377 points and you can gain more for doing things.
+And it gives you a list of everything you've done,
+a whole of fame points, lectures given, and all this kind of stuff.
+And it lets you brush up on your hacking things.
+And also how to defend against it.
+I said, I learned a lot about SQL injection from this.
+And then I went to my own website and checked.
+I made sure that none of my sites were vulnerable to the SQL injection.
+Which they weren't, because, yeah.
+Running through plenty of stuff, they just two updates for you, basically.
+As long as you keep the latest version and they nag you telling you,
+you know, Drupal will email you when this updates and things.
+You don't need to worry about it too much.
+But there's a bunch of different things.
+There's really, really cool sites.
+I highly recommend you go and have a look at it.
+It's lots of fun.
+Go and have a play.
+Just don't keep asking me for questions about it.
+Because whilst you can give hints out, you're not going to give the passwords out.
+So there we go.
+Have fun everyone.
+Thank you for listening.
+I've been Soak.
+And this has been Hacker Public Radio.
+Thank you for listening to Hacker Public Radio.
+HPR is sponsored by Caryo.net.
+So head on over to C-A-R-O-DOT-E-N-T for all of us in need.
+Thank you.