@ECHO OFF :: Windows version check IF NOT [%OS%]==[Windows_NT] GOTO Syntax :: Only one single command line parameter specified? IF [%1]==[] GOTO Syntax IF NOT [%2]==[] GOTO Syntax :: Help wanted? ECHO.%* | FIND "?" >NUL IF NOT ERRORLEVEL 1 GOTO Syntax :: No wildcards allowed ECHO.%* | FIND "*" >NUL IF NOT ERRORLEVEL 1 GOTO Syntax :: Was a valid directory specified? DIR /AD /X "%~1.\..\%~n1*" 2>NUL | FIND "" | FIND /I "%~n1" >NUL IF ERRORLEVEL 1 GOTO Syntax SETLOCAL ECHO."%~f1" TAKEOWN "%~f1" PUSHD "%~f1" TAKEOWN *.* :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: The following 2 lines of code have been commented out, as they might be exploited, :: :: as explained in http://www.thesecurityfactory.be/command-injection-windows.html :: :: They are kept in comments for learning purposes only. :: :: SET StartDir=%CD% :: :: FOR /F "tokens=* delims=" %%A IN ('DIR /AD /B "%StartDir%.\*.*" 2^>NUL') DO ( :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: The following 2 lines of code replace the 2 that were commented out, :: circumventing the code injection vulnerability: SET StartDir="%CD%" :: Because %StartDir% is now quoted, it is not possible to (safely) append *.* :: hence the use of %__CD__% which equals %CD% but always ends with a backslash FOR /F "tokens=* delims=" %%A IN ('DIR /AD /B "%__CD__%*.*" 2^>NUL') DO ( ECHO."%%~fA" ATTRIB -H -R -S "%%~fA" TAKEOWN "%%~fA" CD "%%~fA" ATTRIB -h -r -s *.* >NUL 2>&1 FOR /F "tokens=* delims=" %%? IN ('DIR /A-D /B "%%~fA.\*.*" 2^>NUL') DO ( ECHO."%%~f?" TAKEOWN "%%~f?" ) CALL "%~f0" "%%~fA" REM :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: REM :: The doublequotes were removed in the next line of code because they are :: REM :: now included in the %StartDir% variable :: REM :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: CD %StartDir% ) POPD ENDLOCAL GOTO:EOF :Syntax ECHO. ECHO OWN.bat, Version 0.59.60 FINAL BETA for Windows 2000 ECHO Recursively take ownership of entire specified directory tree. ECHO. ECHO Usage: OWN startdir ECHO. ECHO Uses TAKEOWN.EXE from the Resource Kit. ECHO. ECHO Written by Rob van der Woude ECHO http://www.robvanderwoude.com ECHO. ECHO WARNING: This batch file hasn't been tested extensively yet. ECHO Use entirely at your OWN risk. :: The following warning lines were added because of a code injection vulnerability disclosure ECHO A security vulnerability has been disclosed that uses this script ECHO code as a sample of vulnerable code. For details see ECHO http://www.thesecurityfactory.be/command-injection-windows.html ECHO Note that the vulnerable code has been replaced by safer code, ECHO but for learning purposes the old, vulnerable code has been kept ECHO in comments.