Solving the first challenge i.e. Login page #1 was pretty much easy as both user name field and password field are vulnerable to SQL injection attacks.
One method is try each and every SQL injection code from SQL injection sheet. However, the smartest way is to look at the executed command and try to balance the equation by cleverly putting appropriate strings.
You can see the documentation here.