in natas15 you must do a sql blind injection
for test i run this code to find first letter of password
import requests from requests.auth import HTTPBa
