(from multiple walkthroughs): Username: admin' Password: '=''
This works because the query becomes:
Given the variations, the most reliable solution I’ve tested: Sql Injection Challenge 5 Security Shepherd