Rob van der Woude's Scripting Pages
Powered by GeSHi

Source code for own.bat

(view source code of own.bat as plain text) 

  1. @ECHO OFF
  2. :: Windows version check
  3. IF NOT [%OS%]==[Windows_NT] GOTO Syntax
  4. :: Only one single command line parameter specified?
  5. IF     [%1]==[] GOTO Syntax
  6. IF NOT [%2]==[] GOTO Syntax
  7. :: Help wanted?
  8. ECHO.%* | FIND "?" >NUL
  9. IF NOT ERRORLEVEL 1 GOTO Syntax
  10. :: No wildcards allowed
  11. ECHO.%* | FIND "*" >NUL
  12. IF NOT ERRORLEVEL 1 GOTO Syntax
  13. :: Was a valid directory specified?
  14. DIR /AD /X "%~1.\..\%~n1*" 2>NUL | FIND "<DIR>" | FIND /I "%~n1" >NUL
  15. IF ERRORLEVEL 1 GOTO Syntax
  16.  
  17. SETLOCAL
  18. ECHO."%~f1"
  19. TAKEOWN "%~f1"
  20. PUSHD "%~f1"
  21. TAKEOWN *.*
  22.  
  23. :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
  24. :: The following 2 lines of code have been commented out, as they might be exploited,  ::
  25. :: as explained in http://www.thesecurityfactory.be/command-injection-windows.html     ::
  26. :: They are kept in comments for learning purposes only.                               ::
  27. :: SET StartDir=%CD%                                                                   ::
  28. :: FOR /F "tokens=* delims=" %%A IN ('DIR /AD /B "%StartDir%.\*.*" 2^>NUL') DO (       ::
  29. :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
  30.  
  31. :: The following 2 lines of code replace the 2 that were commented out,
  32. :: circumventing the code injection vulnerability:
  33. SET StartDir="%CD%"
  34. :: Because %StartDir% is now quoted, it is not possible to (safely) append *.*
  35. :: hence the use of %__CD__% which equals %CD% but always ends with a backslash
  36. FOR /F "tokens=* delims=" %%A IN ('DIR /AD /B "%__CD__%*.*" 2^>NUL') DO (
  37. 	ECHO."%%~fA"
  38. 	ATTRIB -H -R -S "%%~fA"
  39. 	TAKEOWN "%%~fA"
  40. 	CD "%%~fA"
  41. 	ATTRIB -h -r -s *.* >NUL 2>&1
  42. 	FOR /F "tokens=* delims=" %%? IN ('DIR /A-D /B "%%~fA.\*.*" 2^>NUL') DO (
  43. 		ECHO."%%~f?"
  44. 		TAKEOWN "%%~f?"
  45. 	)
  46. 	CALL "%~f0" "%%~fA"
  47. 	REM :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
  48. 	REM :: The doublequotes were removed in the next line of code because they are ::
  49. 	REM :: now included in the %StartDir% variable                                 ::
  50. 	REM :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
  51. 	CD %StartDir%
  52. )
  53. POPD
  54. ENDLOCAL
  55. GOTO:EOF
  56.  
  57. :Syntax
  58. ECHO.
  59. ECHO OWN.bat,  Version 0.59.60 FINAL BETA for Windows 2000
  60. ECHO Recursively take ownership of entire specified directory tree.
  61. ECHO.
  62. ECHO Usage:  OWN  startdir
  63. ECHO.
  64. ECHO Uses TAKEOWN.EXE from the Resource Kit.
  65. ECHO.
  66. ECHO Written by Rob van der Woude
  67. ECHO http://www.robvanderwoude.com
  68. ECHO.
  69. ECHO WARNING: This batch file hasn't been tested extensively yet.
  70. ECHO          Use entirely at your OWN risk.
  71. :: The following warning lines were added because of a code injection vulnerability disclosure
  72. ECHO          A security vulnerability has been disclosed that uses this script
  73. ECHO          code as a sample of vulnerable code. For details see
  74. ECHO          http://www.thesecurityfactory.be/command-injection-windows.html
  75. ECHO          Note that the vulnerable code has been replaced by safer code,
  76. ECHO          but for learning purposes the old, vulnerable code has been kept
  77. ECHO          in comments.
  78.  

page last modified: 2024-04-16; loaded in 0.0234 seconds