Upon visiting the webpage, I was greeted with a plain page without any useful external links or information.
Finding the first directory
$ gobuster dir -u http://<target>.com/ -w DanielMiesslerSecLists/Discovery/Web-Content/common.txt
But did not receive any positive results. From the description of the challenge, it appears that this application relates to "Blood Donations". Thus, I tried the directory /blood, and it worked.
SQL Injection with sqlmap
Navigating through the application while behind Burp suite proxy, I found 2 requests within the application that are potentially vulnerable to an SQL injection attack. This is due to the nature of the request being likely to return a value retrieved directly from the database.