0x00 Preface

---

In the previous article 'Exploitation Analysis of SILENTTRINITY', I learned the method of loading payloads from memory using the C# IronPython engine. On byt3bl33d3r's GitHub, I came across code that executes shellcode using the Boolang language, prompting me to research this technique.

This article will introduce the characteristics and usage of the Boolang language, analyze the advantages of executing shellcode via Boolang, and provide recommendations for defensive detection.

0x01 Introduction

---

This article will cover the following topics:

  • Introduction to the Boolang Language
  • Usage of the Boolang Language
  • Implementation Code for Executing Shellcode via Boolang Language
  • Exploitation Analysis
  • Defensive Detection

0x02 Introduction to Boolang Language

---

Learning Materials:

https://github.com/boo-lang/boo

Boolang is an object-oriented language that combines Python's syntax, Ruby's functionality, and C#'s speed and security.

Features include:

  • Syntax is very close to Python, user-friendly
  • Statically typed, more secure compared to dynamically typed Python
  • Extensible compiler, can run on .NET Framework or Mono
  • Open source code

0x03 Usage of Boolang Language

---

First, you need to download the compiled Boolang files from the following address:

https://github.com/boo-lang/boo/releases

The files include the following three executable programs:

  1. booi.exe, used for executing scripts
  2. booish.exe, a real-time compiler program, convenient for testing code
  3. booc.exe, used for compiling scripts

The specific usage is as follows:

1. Use booi.exe to execute Boolang scripts

The content of test.boo is as follows:

print "Hello, World!"

The command is as follows:

booi.exe test.boo

The result is shown in the figure below

2. Use booish.exe for real-time compilation

Start booish.exe, enter the following code in the command line:

print "Hello, World!"

The result is shown in the figure below

3. Use booc.exe to compile Boolang scripts

The content of test.boo is as follows:

print "Hello, World!"

The command is as follows:

booc -output:test.exe test.boo

Generate the file test.exe
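
The three command forms above leave recognisable process-creation command lines. The following added example, which is not from the original article or the Boo project, classifies such command lines by tool and extracts the script and `-output:` file. The function names and sample events are constructed for illustration, and matching is by image name only.

```python
import ntpath
import re

# Roles of the three binaries, as listed in the article.
BOO_TOOLS = {
    "booi.exe": "runs a .boo script",
    "booish.exe": "interactive shell",
    "booc.exe": "compiles a .boo script",
}

# A token is a run of quoted chunks and non-space characters, so
# "C:\Program Files\boo\booi.exe" and -output:"a b.exe" stay whole.
TOKEN = re.compile(r'(?:"[^"]*"|[^\s"])+')

def classify(command_line):
    """Return a finding for a Boo tool invocation, or None for anything else."""
    argv = [t.replace('"', "") for t in TOKEN.findall(command_line)]
    if not argv:
        return None
    image = ntpath.basename(argv[0]).lower()
    if not image.endswith(".exe"):
        image += ".exe"  # "booc" and "booc.exe" start the same program
    if image not in BOO_TOOLS:
        return None
    finding = {"tool": image, "role": BOO_TOOLS[image], "scripts": [], "output": None}
    for arg in argv[1:]:
        if arg.lower().startswith("-output:"):
            finding["output"] = arg.split(":", 1)[1]  # file booc will generate
        elif arg.lower().endswith(".boo"):
            finding["scripts"].append(arg)
    return finding

def scan(command_lines):
    """Classify every command line and keep only the Boo tool invocations."""
    return [f for f in map(classify, command_lines) if f is not None]

# Constructed process-creation command lines (not taken from a real host).
SAMPLE_EVENTS = [
    r'"C:\Program Files\boo\booi.exe" test.boo',
    r"booc -output:test.exe test.boo",
    r"C:\Tools\boo\booish.exe",
    r"C:\Windows\System32\notepad.exe test.boo",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Matching on the image name misses renamed copies of the binaries, so use this as a first-pass filter alongside other telemetry.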

4. Compile Boolang script using booc.exe (using Boo.Lang.Compiler API)

The content of test.boo is as follows:

import Boo.Lang.Compiler
import Boo.Lang.Compiler.IO
import Boo.Lang.Compiler.Pipelines

compiler = BooCompiler()
compiler.Parameters.Input.Add(StringInput("