@desmanado Based on the last line of the error message you are receiving, I think that the mechanize module may have added support for the login[username] control. At the time the exploit was developed, the developer had to create a custom control for it. The exploit is getting confused because now there are two different controls that match that name.
If you comment out that line in the exploit, you should get past this error:
mechanize._form_controls.AmbiguityError: more than one control matching name 'login[username]'
Just revisited this box the other day for exam practice and it worked for me.