Come and have a go if you think you're hard enough!
If you do manage to find a user name and password you can log on to the bragging board and leave a message.
The Hack site includes some hints and tips for this famous exploit - but the best techniques are saved for the book, SQL Hacks published by O'Reilly, reviewed on Slashdot by Scott Walters.
Hackers use SQL injection to have unexpected SQL statements executed on the victim's machine. For example if you supply a string such as ' OR ''=' as both user name and password you turn the SQL query SELECT name FROM passwd WHERE user='$user' AND password='$password' into SELECT name FROM passwd WHERE user='' OR ''='' AND password='' OR ''='' The WHERE condition always returns true and so with a little luck the magic string 'OR''=' will get you access to a vulnerable site without knowing any insider details.
Having got access to the system you can then use SQL queries to find out account names and possibly passwords.