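@ECHO OFF
:: Argument validation for OWN.bat. Every failed check jumps to :Syntax, so the
:: ownership changes further down are only reached with exactly one argument
:: that names an existing directory.

:: Windows version check
IF NOT [%OS%]==[Windows_NT] GOTO Syntax
:: Only one single command line parameter specified?
IF [%1]==[] GOTO Syntax
IF NOT [%2]==[] GOTO Syntax
:: Help wanted? (FIND returns errorlevel 0 when the text is present)
ECHO.%* | FIND "?" >NUL
IF NOT ERRORLEVEL 1 GOTO Syntax
:: No wildcards allowed
ECHO.%* | FIND "*" >NUL
IF NOT ERRORLEVEL 1 GOTO Syntax
:: Was a valid directory specified?
:: The parent directory is listed for directory entries whose name starts with
:: the argument's base name.
:: NOTE(review): in this copy the first FIND search string was lost and the
:: command was split over two lines; "<DIR>" is a reconstruction, confirm it
:: against the original script.
DIR /AD /X "%~1.\..\%~n1*" 2>NUL | FIND "<DIR>" | FIND /I "%~n1" >NUL
IF ERRORLEVEL 1 GOTO Syntax
:: The listing above only matches on a name prefix, so a file "foo" next to a
:: directory "foobar" would pass it. Require the argument itself to be a
:: directory before anything is modified.
IF NOT EXIST "%~f1\" GOTO Syntax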
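SETLOCAL
:: Take ownership of the start directory, its files, and (by calling this
:: batch file again for every subdirectory) the whole tree below it.
ECHO."%~f1"
TAKEOWN "%~f1"
:: Stop when the directory cannot be entered. Without this guard the commands
:: below would run against whatever directory happens to be current, and a
:: recursive call for an inaccessible subdirectory would process its parent
:: again without ever terminating.
PUSHD "%~f1" || (
	>&2 ECHO Unable to enter "%~f1", its contents were skipped.
	ENDLOCAL
	GOTO:EOF
)
TAKEOWN *.*
:: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
:: The following 2 lines of code have been commented out, as they might be exploited, ::
:: as explained in http://www.thesecurityfactory.be/command-injection-windows.html ::
:: They are kept in comments for learning purposes only. ::
:: SET StartDir=%CD% ::
:: FOR /F "tokens=* delims=" %%A IN ('DIR /AD /B "%StartDir%.\*.*" 2^>NUL') DO ( ::
:: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
:: Why the old lines were unsafe: %CD% is expanded before the line is parsed, so
:: in an unquoted SET any command separator contained in the directory name is
:: interpreted by CMD instead of being stored as text.
:: The following 2 lines of code replace the 2 that were commented out,
:: circumventing the code injection vulnerability:
SET StartDir="%CD%"
:: Because %StartDir% is now quoted, it is not possible to (safely) append *.*
:: hence the use of %__CD__% which equals %CD% but always ends with a backslash
:: NOTE(review): DIR /AD also lists junctions and other directory reparse points,
:: so the recursion can leave the tree that was named on the command line and
:: change ownership elsewhere. Newer Windows versions accept DIR /AD-L to skip
:: them; confirm that the target Windows version supports the L attribute
:: before relying on it.
FOR /F "tokens=* delims=" %%A IN ('DIR /AD /B "%__CD__%*.*" 2^>NUL') DO (
	ECHO."%%~fA"
	ATTRIB -H -R -S "%%~fA"
	TAKEOWN "%%~fA"
	REM Only clear attributes when the subdirectory was really entered,
	REM otherwise *.* would refer to the files of the current directory
	CD "%%~fA" && ATTRIB -h -r -s *.* >NUL 2>&1
	FOR /F "tokens=* delims=" %%? IN ('DIR /A-D /B "%%~fA.\*.*" 2^>NUL') DO (
		ECHO."%%~f?"
		TAKEOWN "%%~f?"
	)
	REM Recurse: this batch file processes the subdirectory as a new start directory.
	REM NOTE(review): CALL parses its command line a second time, so a directory
	REM name containing percent signs or carets may reach the child invocation
	REM altered; verify before running this on trees with untrusted names.
	CALL "%~f0" "%%~fA"
	REM :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
	REM :: The doublequotes were removed in the next line of code because they are ::
	REM :: now included in the %StartDir% variable ::
	REM :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
	CD %StartDir%
)
POPD
ENDLOCAL
GOTO:EOF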
:: Help screen. Every failed argument check earlier in the file jumps to this
:: label, as does a command line containing "?" or "*".
:: Execution runs off the end of the file after the last ECHO; no exit code is
:: set explicitly here.
:Syntax
ECHO.
ECHO OWN.bat, Version 0.59.60 FINAL BETA for Windows 2000
ECHO Recursively take ownership of entire specified directory tree.
ECHO.
ECHO Usage: OWN startdir
ECHO.
ECHO Uses TAKEOWN.EXE from the Resource Kit.
ECHO.
ECHO Written by Rob van der Woude
ECHO http://www.robvanderwoude.com
ECHO.
ECHO WARNING: This batch file hasn't been tested extensively yet.
ECHO Use entirely at your OWN risk.
:: The following warning lines were added because of a code injection vulnerability disclosure.
:: They tell the user that the script was published as a sample of vulnerable
:: code and that the old code is retained in comments only.
ECHO A security vulnerability has been disclosed that uses this script
ECHO code as a sample of vulnerable code. For details see
ECHO http://www.thesecurityfactory.be/command-injection-windows.html
ECHO Note that the vulnerable code has been replaced by safer code,
ECHO but for learning purposes the old, vulnerable code has been kept
ECHO in comments.