Was going to ask a question but then I got it
. It took me two days I'm sad to say but only because I was over thinking it, it's like the easiest SQL injection you could possibly use. If you're having trouble go to this link, http://www.hackthissite.org/articles/read/23
, and look at the part on SQL injection, that's what helped me.
Hint: Don't try and use the URL. The username is basically given to you in the challenge description, so all you need is the password. But you're not going to get the password no matter what you try, so you want to trick the site into thinking you already know it with SQL injection (sorry if I've said too much, if I have, edit it).
Hope this helps, and sorry if any of this is inaccurate, I'm still a newbie.