ping Vulnerability Patch Analysis (with

Views: 47,804

LiveUnderflow

1 day ago

Comments: 60
@limitationsapply 2 years ago
33:24 (etc!) - This is a nice example of GPT confabulating plausible-sounding nonsense. CAP_NET_* is Linux capabilities(7) stuff, and has absolutely nothing whatsoever to do with FreeBSD's capsicum(4) sandboxing. What it's telling you is worse than useless - literally misinformation. The most exciting capability ping(8) asks for within its sandbox is the "system.dns" service - a sandboxed resolver API.
@sjoer 2 years ago
@tripplefives1402 actually, it is inferencing.
@sjoer 2 years ago
@tripplefives1402 no.
@x32gx 2 years ago
Each time I use ChatGPT it feels like I'm asking a Star Trek computer a question. This is as close as we got so far. U-N-R-E-A-L.
@cater1337 2 years ago
Feels like GPT will stay with us for life, only iterations will change, powerful af, a new era is starting.
@vfryhn2 2 years ago
The only problem is that we'll have to pay for it soon 🙁
@diophantine1598 2 years ago
@vfryhn2 Given the cost of GPT-3, and the ever decreasing cost of running such models, having to pay for it is way better than having our data taken for advertising purposes.
@vfryhn2 2 years ago
@diophantine1598 I mean our data is still gonna be taken, but you got a good point.
@paxdriver 2 years ago
I love this format for your videos, stepping through code with ChatGPT giving ideas. It's really, really novel and awesome, dude.
@RealCyberCrime 2 years ago
Good explanation of the IP header.
@baali9097 2 years ago
ChatGPT is the new 🐥 that can now respond? Now someone needs to have speech-to-text for ChatGPT and text-to-speech for the output of ChatGPT, and pipe the output to an actual rubber duck with a speaker inside [with duck-like voice answers 🤪].
@xxlarrytfvwxx9531 2 years ago
So talk-to-text and text-to-speech?
@baali9097 2 years ago
@xXLarryTFVWXx Yes, speech-to-text then text-to-speech, where the speech comes out of a speaker inserted into one of those bath-toy rubber duckies.
@JudahDaniels 2 years ago
"respond in the style of a duck"
@baali9097 2 years ago
@Judah Daniels quack quack. 😄
@kreuner11 2 years ago
I would never use this because it's definitely not 99% right.
@mohmadhafiz1675 2 years ago
Basically an attacker's server can set up a custom ICMP response to overflow the client's ping? It's like a landmine if that client is vulnerable and running an internet scanner.
@danp6118 2 years ago
A brief summary: The vulnerability in the ping utility relates to a buffer overflow issue when processing Internet Protocol (IP) and Internet Control Message Protocol (ICMP) headers. The ping utility is used to send ICMP packets to a host and receive responses, and it reads raw IP packets from the network to process these responses. During this process, the ping utility has to reconstruct the IP and ICMP headers, as well as a quoted packet (if present) which represents the packet that generated an ICMP error. In order to reconstruct these headers, the ping utility copies the received IP and ICMP headers into a stack buffer for further processing. However, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. This leads to a buffer overflow of up to 40 bytes in the destination buffer, which is known as a "memory safety bug." This vulnerability can be triggered by a malicious host sending malicious packets in response to a ping, which could potentially lead to code execution on the device of the user who pinged the host. This vulnerability affects FreeBSD, and it is not clear if it affects other distributions. A patch has been released to fix the issue. It is not necessary to scan the entire internet for this vulnerability, as it can only be triggered by a malicious host sending malicious packets in response to a ping.
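The mechanics in the summary above (an IP header copied into a stack buffer sized for a plain 20-byte `struct ip`, while IHL allows up to 40 bytes of options in both the outer reply and the quoted packet) are easiest to see in code. What follows is an added example written for this page, not code from the video, from the commenter, or from FreeBSD's ping: a bounded parser of an ICMP reply beside a function that measures what the unbounded copy would have written past the end of the buffer. The function and struct names (`parse_icmp_reply`, `build_icmp_error`, `struct reply`, the `demo_*` wrappers), the error codes, and the packet bytes are all constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define IP_FIXED_HLEN 20  /* sizeof(struct ip): header with no options */
#define IP_MAX_HLEN   60  /* IHL is a 4-bit count of 32-bit words, max 15 */
#define ICMP_MIN_LEN   8  /* type, code, checksum, 4 bytes of header data */

/* Header length implied by the IHL nibble, or 0 if fewer than 20 bytes were
 * received or IHL is below the legal minimum of 5 words. */
static size_t ip_hlen(const uint8_t *pkt, size_t len) {
    if (len < IP_FIXED_HLEN)
        return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f);
    return ihl < 5 ? 0 : ihl * 4;
}

/* The pre-patch pattern: memcpy(&stack_ip, pkt, hlen) into a buffer that only
 * holds a 20-byte struct ip.  Rather than perform the (undefined) overflow,
 * report how many bytes would land past the end of that buffer. */
size_t overflow_bytes_fixed_copy(const uint8_t *pkt, size_t len) {
    size_t hlen = ip_hlen(pkt, len);
    return hlen > IP_FIXED_HLEN ? hlen - IP_FIXED_HLEN : 0;
}

struct reply {
    uint8_t ip_hdr[IP_MAX_HLEN]; /* room for options, not just struct ip */
    size_t  ip_hlen;
    uint8_t icmp_type;
    size_t  quoted_hlen;         /* header length of the quoted packet, 0 if none */
};

/* Hardened parse: every copy is bounded by the destination size and by the
 * bytes actually received.  Returns 0 on success, negative if malformed. */
int parse_icmp_reply(const uint8_t *pkt, size_t len, struct reply *out) {
    memset(out, 0, sizeof *out);
    size_t hlen = ip_hlen(pkt, len);
    if (hlen == 0 || hlen > len)
        return -1;                  /* IHL claims more than was received */
    memcpy(out->ip_hdr, pkt, hlen); /* hlen <= IP_MAX_HLEN by construction */
    out->ip_hlen = hlen;
    if (len - hlen < ICMP_MIN_LEN)
        return -2;                  /* no complete ICMP header */
    const uint8_t *icmp = pkt + hlen;
    uint8_t t = out->icmp_type = icmp[0];
    /* Unreachable, Source Quench, Redirect, Time Exceeded and Parameter
     * Problem quote the offending IP header (options included) plus 8 bytes. */
    if (t == 3 || t == 4 || t == 5 || t == 11 || t == 12) {
        const uint8_t *q = icmp + ICMP_MIN_LEN;
        size_t qlen = len - hlen - ICMP_MIN_LEN;
        size_t qh = ip_hlen(q, qlen);
        if (qh == 0 || qh > qlen)
            return -3;              /* quoted header truncated or bogus */
        out->quoted_hlen = qh;
    }
    return 0;
}

/* Constructed packet (not a capture): an ICMP Time Exceeded reply whose outer
 * and quoted IPv4 headers each carry the given IHL; option bytes are zero
 * (End of Options List).  Returns the total length, or 0 on bad arguments. */
size_t build_icmp_error(uint8_t *buf, size_t cap, unsigned outer_ihl, unsigned inner_ihl) {
    size_t outer = outer_ihl * 4, inner = inner_ihl * 4;
    size_t total = outer + ICMP_MIN_LEN + inner + 8;
    if (outer_ihl < 5 || outer_ihl > 15 || inner_ihl < 5 || inner_ihl > 15 || total > cap)
        return 0;
    memset(buf, 0, total);
    buf[0] = (uint8_t)(0x40 | outer_ihl); /* version 4 | IHL */
    buf[9] = 1;                           /* protocol: ICMP */
    buf[outer] = 11;                      /* ICMP type: Time Exceeded */
    buf[outer + ICMP_MIN_LEN] = (uint8_t)(0x40 | inner_ihl);
    buf[outer + ICMP_MIN_LEN + 9] = 1;
    return total;
}

/* Build a packet with the given IHLs and measure the pre-patch overflow. */
size_t demo_overflow_bytes(unsigned outer_ihl, unsigned inner_ihl) {
    uint8_t pkt[256];
    size_t n = build_icmp_error(pkt, sizeof pkt, outer_ihl, inner_ihl);
    return overflow_bytes_fixed_copy(pkt, n);
}

/* Build, optionally truncate to `keep` bytes, run the hardened parser, and
 * return the quoted header length on success or the negative error code. */
int demo_parse_rc(unsigned outer_ihl, unsigned inner_ihl, size_t keep) {
    uint8_t pkt[256];
    struct reply r;
    size_t n = build_icmp_error(pkt, sizeof pkt, outer_ihl, inner_ihl);
    if (keep && keep < n)
        n = keep;
    int rc = parse_icmp_reply(pkt, n, &r);
    return rc == 0 ? (int)r.quoted_hlen : rc;
}

int main(void) {
    printf("60-byte header into a 20-byte struct ip: %zu bytes past the end\n", demo_overflow_bytes(15, 15));
    printf("hardened parser on the same packet: quoted header of %d bytes\n", demo_parse_rc(15, 15, 0));
    return 0;
}
```

The two checks that matter are the ones the summary says were missing: the IHL-derived length is compared against both the destination buffer (`IP_MAX_HLEN`, not `sizeof(struct ip)`) and the bytes actually received, and the same check is repeated for the quoted header inside an ICMP error, which an attacker controls just as fully as the outer one. With IHL 15 on both headers the unbounded copy would write exactly 40 bytes past a `struct ip`, matching the "up to 40 bytes" figure above.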
@allezvenga7617 2 years ago
Thanks for sharing.
@YuriLifeLove 2 years ago
This video (and the video before this one) gave me an idea about what I can do with ChatGPT... So a few years ago I tried to make music with the lyrics in Japanese using Google Translate and my very little knowledge of Japanese, which I then handed to r/translator to correct my mistakes... And then recently, with my improved little knowledge of Japanese, I tried to make very short repeating lyrics with some phrases I learned through Anki... And after I watched your video, it gave me the idea to try to tell ChatGPT to write lyrics for me... So I did it and I'm impressed with the result... I have no idea whether the language is correct or not, but it does look believable at least...
@pangiann13 2 years ago
Regarding 13:17, one way to realize that your assumption is wrong is that it is a tremendous waste (of time and space) to add the whole initial IP packet to a response. For networks every bit matters (even MORE today). ICMP's first byte shows the type of message: 1. echo request 2. echo reply 3. error - 'destination host unreachable' --> in such cases the initial IP packet is attached. And I'm not sure what "debugging purposes" means. I believe that it used to show to the initial sender what the failed IP packet was. 4. more... The matching happens in the content of the ICMP packet. By the way, fun fact, we have to be very careful with the terms :) For example we use "packet" to refer to the network layer, "message" to refer to the application layer... Moreover, ICMP is used widely for router advertisement, path discovery (traceroute) and network errors (TTL - timeout errors). Therefore, you will see a ton of ICMP packets in the network and that's why every bit counts, and the procedure of pinging is something that happens in various different protocols. Overall, studying networks will show you how you can be frugal (with its own disadvantages of course).
@Nnm26 2 years ago
bro, you write like ChatGPT lol
@pangiann13 2 years ago
@Nnm26 hahah I'll take that as a compliment
@JohnWilliams-gy5yc 2 years ago
Me: Chat, if I ping you, would you like to pwn me with this bug? ChatGPT: Done. My pleasure. You're welcome.
@JB-fh1bb 2 years ago
Please do more analysis with ChatGPT! My interest in ping in this video: 4/10. My interest in understanding the human-ChatGPT analysis: 10/10
@algerone5789 2 years ago
Underflow not overflow 👽♥️
@sjoer 2 years ago
You also have to account for how much code you want to put in the overflowed memory and how you are going to execute it. You could seed the memory, maybe?, over consecutive pings, but then you have to search the memory for all the pieces! Not something you can stuff in 40 bytes.
@rikvermeer1325 2 years ago
Couldn't the first designate an address and each consecutive packet write to that location, incremented by the bytes already sent?
@sjoer 2 years ago
@rikvermeer1325 you would need a guarantee that the addresses are consecutive, which they are not. They are 40 bytes after the packet. So you could skip memory areas, but then you have the same problem... you need to implement all of this in the first 40 bytes and there is no guarantee you will get contiguous memory space.
@lmaoroflcopter 2 years ago
Wonder if this is present in pfSense or other BSD stuff.
@TomStorey96 2 years ago
On the subject of optimisation, why would they use memcpy to copy a single byte when they could just dereference the pointer?
@rogerorchard2317 2 years ago
Could this cause a problem for "smart routers"? Where they see you are doing pings and do odd things, i.e. blocking, rerouting, faking out replies. (We did odd things when going on to ATM networks, or over slower links, i.e. satellite links.)
@CrazyMineCuber 2 years ago
I knew I was not the only person to think about commenting about Rust.
@homemark22 2 years ago
ping, like NTP, has a vulnerability; please explain in a future vlog, thanks.
@samfisher8426 2 years ago
If you did a PoC too, that would be so amazing, man...
@paxdriver 2 years ago
I bet ping has permission to set up a dummy loopback device or something. Maybe leave a socket open within a range used by another common application, like OpenVPN, or tracert probably has default listeners that wait for ping. You could overflow another binary using the ping overflow, maybe?
@RR-hl6zi 2 years ago
ChatGPT sometimes sounds like a drunk DevOps admin. I love it, but you really need to guide it to get a reasonable answer.
@Zetamaxorg 2 years ago
Why do you use ChatGPT? It feels like you have to cross-verify everything it says and can't trust what it says to be correct. It's more of a liability than just googling what you ask it.
@topi3146 2 years ago
Because I never had to verify what I read on Stack Overflow or a Google answer.
@glitchdigger 2 years ago
It's fun, nerd. Stfu.
@TheMrKeksLp 2 years ago
You look good like that :D
@xequals-pc1wl 2 years ago
4-byte octets?
@arjix8738 2 years ago
The way you crop the video in order to focus on one area is annoying. How about having a zoom overlay? Like the full-size video in the background (grayed out a bit) and in the center a box that shows the zoomed portion of the screen you want to show.
@arjix8738 2 years ago
Seeing the Twitch comments (and other stuff) being out of the screen is the annoying part.
@arjix8738 2 years ago
Another example of how frustrating this is, is on your other channel kzbin.info/www/bejne/q5yul3SMaaajbNE where we can't see the code editor. I know that editing a video is probably not enjoyable, but that is a mess.
@alacritty 2 years ago
agreed!
@LiveUnderflow 2 years ago
ohww :( I actually put a huge amount of time into editing this, so that it always shows the parts that are relevant. So in the example you linked, what is the problem there? I purposely showed the editor with the code that mattered as zoomed in as possible. Could you explain more what the issue is?
@arjix8738 2 years ago
@LiveUnderflow in the example I linked, you crop the video in order to focus on your camera, making the code that ChatGPT suggests unreadable. You also sometimes forget to zoom out, so the Minecraft window is not fully shown; the same can be said for the IntelliJ window.
@coffee-is-power 2 years ago
Rust would have saved us here...
@sairam-lj6zu 2 years ago
ping is not a setuid binary
@Hellohellohello803 2 years ago
Some older binaries of ping are setuid.
@linuxguy1199 2 years ago
On my version of Linux it is (Arch, kernel 5.10)
@_Slaze 2 years ago
It is on most Linux systems. You can either use setuid, capabilities or a specific kernel parameter (depending on the system) for ping to work, because it needs to create network sockets (for ICMP echo).
@damuffinman6895 2 years ago
Wrong
@ari_archer 2 years ago
".rwx--x--x root root 76 KB Wed Jun 15 19:57:14 2022  /bin/ping*" Linux's ping isn't suid lol
@chri-k 2 years ago
it is on some systems
@ari_archer 2 years ago
@chri-k Linux? suid is usually useless; on BSDs? maybe
@chri-k 2 years ago
@ari_archer I see other people saying that it is setuid on most Linux systems. I can't personally say whether that's true, but I can say that it almost definitely is on some, and that it is not on macOS.
@yannick-was-taken 2 years ago
Ping can use other options than SUID, e.g. capabilities (`getcap /bin/ping`) and other ways which do not need raw sockets, and thus no capabilities.
@ari_archer 2 years ago
@yannick-was-taken thank you