As an aspiring penetration tester, it is not always the elaborate rootkits or the Metasploit backdoor exploits that you need to focus on in every testing engagement. Sometimes, the best way in is to just try the front door. If you can learn to master a simple, repeatable process for testing the login screens of any application, device, or account, you will save yourself time and effort when establishing the scope of an engagement.
Once you understand the scope of what you are testing, the best way to start any engagement is to do some online research and gather the common knowledge about the products in scope. You should never assume that the owner has done this step; in most cases, they have not. Take this example: imagine you are testing a company’s network infrastructure and you know they use Cisco networking devices. Try searching online for the factory default admin credentials. You would be surprised how many clients leave the admin credentials unchanged years after implementation.
The next step would be to try to crack the admin account's password. Since you already know that the admin username for Cisco devices is "admin," try brute forcing that login with a standard wordlist (no more than 6-8 characters long, for efficiency). Once that finishes, you will have a good sense of the security posture at this client's company. The mindset of most people managing these devices is “get it set up and move on,” so if you cannot crack an admin password longer than 8 characters, it is safe to say you need to find another avenue of attack into this client's infrastructure.
Trying the above steps on an internal employee account would be another easy approach to gaining quick access. It should not be hard to guess the domain of the user accounts; you can usually find it online (typically the company name, like @google.com). Then, with a little online research into employees who work at the company, you could try brute-force logins with different combinations of the employees' first and last names. Pair these combinations with your 6-8 character password list and see what you get.
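Both of the approaches above, repeated guesses against the "admin" account and cycling through guessed employee usernames, leave a distinctive trace in authentication logs, and the client's blue team can catch them with a few lines of detection logic. The following is an added example written for this post, not code from the original article: it parses constructed, syslog-style login lines (the line format, field names, thresholds and all IP addresses are assumptions) and raises three kinds of alert: many failures on one account from one source, one source trying many distinct usernames, and a successful login that follows a burst of failures.

```python
"""Detect login-guessing patterns in authentication logs.

Added illustration for the post above; it is not code from the original
post. The log format, field names, thresholds and IP addresses are
assumptions, constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line format (constructed for this example):
#   "<ISO timestamp> auth: Login <failed|succeeded> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: Login (?P<result>failed|succeeded) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Thresholds are assumptions; tune them to the environment's normal failure rate.
WINDOW = timedelta(minutes=5)
FAILS_PER_ACCOUNT = 5     # repeated failures on one account from one source
DISTINCT_USERS = 4        # one source cycling through many usernames
SUCCESS_AFTER_FAILS = 3   # success preceded by this many recent failures

# Constructed sample log: a burst against "admin" that finally succeeds,
# one source cycling through name-combination usernames, and a benign typo.
SAMPLE_LOG = """\
2024-05-01T10:00:01 auth: Login failed user=admin src=203.0.113.5
2024-05-01T10:00:02 auth: Login failed user=admin src=203.0.113.5
2024-05-01T10:00:03 auth: Login failed user=admin src=203.0.113.5
2024-05-01T10:00:04 auth: Login failed user=admin src=203.0.113.5
2024-05-01T10:00:05 auth: Login failed user=admin src=203.0.113.5
2024-05-01T10:00:06 auth: Login succeeded user=admin src=203.0.113.5
2024-05-01T10:05:00 auth: Login failed user=jsmith src=198.51.100.7
2024-05-01T10:05:01 auth: Login failed user=john.smith src=198.51.100.7
2024-05-01T10:05:02 auth: Login failed user=smithj src=198.51.100.7
2024-05-01T10:05:03 auth: Login failed user=j.smith src=198.51.100.7
2024-05-01T10:10:00 auth: Login failed user=mjones src=192.0.2.9
2024-05-01T10:10:04 auth: Login succeeded user=mjones src=192.0.2.9
"""


def parse(lines):
    """Yield (timestamp, result, user, src) tuples, skipping unparsable lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def detect(lines):
    """Return a list of (rule, src, detail) alerts found in the log lines."""
    alerts = []
    fails = defaultdict(list)       # (src, user) -> timestamps of recent failures
    users_seen = defaultdict(list)  # src -> (timestamp, user) of recent failures
    flagged = set()                 # alert once per (rule, key) to avoid floods
    for ts, result, user, src in sorted(parse(lines)):
        key = (src, user)
        if result == "failed":
            # Slide the per-account window forward and append this failure.
            fails[key] = [t for t in fails[key] if ts - t <= WINDOW] + [ts]
            if len(fails[key]) >= FAILS_PER_ACCOUNT and ("bruteforce", key) not in flagged:
                flagged.add(("bruteforce", key))
                alerts.append(("bruteforce", src,
                               f"{len(fails[key])} failures on '{user}' within {WINDOW}"))
            # Track how many different usernames this source has tried.
            users_seen[src] = [(t, u) for t, u in users_seen[src] if ts - t <= WINDOW] + [(ts, user)]
            distinct = {u for _, u in users_seen[src]}
            if len(distinct) >= DISTINCT_USERS and ("spray", src) not in flagged:
                flagged.add(("spray", src))
                alerts.append(("spray", src,
                               f"{len(distinct)} distinct usernames tried within {WINDOW}"))
        else:
            # A success right after a burst of failures is the case that matters most.
            recent = [t for t in fails[key] if ts - t <= WINDOW]
            if len(recent) >= SUCCESS_AFTER_FAILS:
                alerts.append(("success_after_failures", src,
                               f"'{user}' logged in after {len(recent)} recent failures"))
    return alerts


if __name__ == "__main__":
    for rule, src, detail in detect(SAMPLE_LOG.splitlines()):
        print(f"[{rule}] {src}: {detail}")
```

On the sample data the routine raises a brute-force alert and a success-after-failures alert for the source hammering "admin", and a spray alert for the source cycling through first/last-name combinations, while the single typo from the third source produces nothing. In practice the same three rules map directly onto the mitigations that blunt this whole approach: an account lockout or rate limit on the admin account, alerting on many distinct usernames from one source, and a review of any login that succeeds right after a failure burst.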
At the end of the day, being able to come up with an attack strategy like this, one that can be executed quickly against multiple targets, will make you an efficient penetration tester in the long run.