On the Instructor VM, in the DVWA Vulnerable Web Application, click on SQL Injection
Type a' OR 'x'='x'#; in the User ID: Text Box
I realize we have a little more information that most hackers about this website.
We know that the table name is call users.
However, we do not necessarily need to know the table name to attempt to grab a user's list from the logical access table.